Do you remember back in 2017 when Equifax (the giant consumer credit agency) admitted that it had been breached?
Hackers broke into Equifax’s databases and stole personal and financial records of 147 million people.
And we’re talking EVERYTHING – names, addresses, Social Security Numbers… all the ingredients that an identity thief needs to destroy your life.
Equifax was totally at fault; the company had sloppy, irresponsible controls in place to safeguard this critical personal data.
Perhaps that’s not such a surprise given that the company’s Chief Security Officer had zero credentials related to either IT or security.
Last week Equifax was fined $700 million by the US Federal Trade Commission.
I found this interesting, given that it took TWO YEARS for this fine to be issued… even though Equifax already admitted to wrongdoing.
(I wonder how much money the FTC wasted investigating this data breach…)
The other thing that sticks out, though, is that the $700 million fine is roughly the amount of money that Equifax used to make each year.
In 2016, for example, the last full year prior to the breach, Equifax’s operating cash flow was $796 million. And in 2015 it was $742 million.
So Equifax was fined less than a year’s profit… And by the way, that $700 million fine constitutes less than $5 for each of the 147 million people who had their data stolen.
On the black market (and in the Internet’s infamous ‘dark web’), that sort of personal data can easily fetch more than ten times that amount.
Less than half of the money will be earmarked for victims; the rest will end up in the government’s pocket.