Equifax signed a settlement today to lay to rest lawsuits brought forward by the US Federal Trade Commission (FTC), state attorneys, and a class-action case relating to the firm’s 2017 data breach.
The security incident was caused by a failure to resolve a known security flaw in Apache Struts, despite a patch being made available two months prior to the breach.
This permitted a hacker to access the credit monitoring company’s systems, leading to the theft of records belonging to over 146 million users.
Names, dates of birth, Social Security numbers, phone numbers, email addresses, and driver’s license details were among the data sets stolen.
Such a severe — and preventable — lapse in security prompted regulators and impacted individuals to take Equifax to task through the legal system. However, the FTC announced today a settlement.