2019Data Security
Data Breach

Written By ESR News Blog Editor Thomas Ahearn

On July 22, 2019, the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), and 48 states, the District of Columbia, and Puerto Rico announced a settlement with Equifax that will provide up to $700 million in monetary relief and penalties for a data breach in 2017, according to a CFPB press release.

The CFPB claimed in a complaint and proposed stipulated judgment filed in federal district court in the Northern District of Georgia that Equifax engaged in unfair and deceptive practices in connection with the 2017 data breach of Equifax’s systems that impacted approximately 147 million consumers.

The CFPB alleges in its complaint that Equifax violated the law in several ways through its conduct both before and after the data breach. Specifically, the CFPB claims Equifax engaged in unfair and deceptive practices in violation of the Consumer Financial Protection Act of 2010 by:

  • Failing to provide reasonable security for the massive quantities of sensitive personal information stored within its computer network, causing substantial injury to consumers whose data was stolen;
  • Deceiving consumers about the strength of its data security program in its privacy policies; and
  • Engaging in acts and practices that caused additional harm or risk of harm to consumers in response to the breach.

If approved by the court, the proposed settlement agreement will provide up to $425 million in monetary relief to consumers, a $100 million civil money penalty, and other relief. In total, the settlements with these entities would impose up to $700 million in relief and penalties.

“The incident at Equifax underscores the evolving cyber security threats confronting both private and government computer systems and actions they must take to shield the personal information of consumers,” CFPB Director Kathleen L. Kraninger stated in the press release.

Equifax – a nationwide credit reporting company headquartered in Atlanta, Georgia – announced in September of 2017 that a data breach at the company resulted in the exposure of sensitive personal information such as Social Security numbers (SSNs) of approximately 147 million U.S. consumers.

Consumers affected by the 2017 Equifax data breach must submit a claim in order to receive free credit monitoring or cash reimbursements. After the court approves the settlement, consumers can submit a claim by mail or online at www.EquifaxBreachSettlement.com which contains deadlines for filing claims.

Data breach concerns have led to an increased focus on information security for background screening firms in 2019, and this trend was chosen by global background check provider Employment Screening Resources® (ESR) as first on the list of “ESR Top Ten Background Check Trends” for 2019.

In the wake of well publicized data breach incidents, employers conducting background checks are looking for screening firms to have third-party certifications such as SSAE 18 SOC 2® Type 2 reports and accreditation from the National Association of Professional Background Screeners (NAPBS).

U.S. screening firms conducting background checks in the European Union (EU) and Switzerland must comply with the EU-U.S. and Swiss-U.S. Privacy Shield Framework that governs the transfer of personal data from those countries to the U.S. and the General Data Protection Regulation (GDPR) that protects the data of EU citizens.

Employment Screening Resources® (ESR) – a leading global background check firm – is accredited by the NAPBS, undergoes annual SOC 2® audits, participates in the EU-U.S. and Swiss-U.S. Privacy Shield Framework, and has fully compliant GDPR technology. To learn more, visit www.esrcheck.com.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2019 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.