On April 17, 2020, the Massachusetts Attorney General, Maura Healey, announced that Massachusetts will receive a payout of $18.2 million in the settlement against Equifax Inc. The settlement, which was approved in a judgment on April 13, 2020, is in response to the 2017 data breach in which attackers hacked Equifax and gained unauthorized access to the personal information – including Social Security numbers and driver’s license numbers – of over 147 million U.S. individuals, 3 million of whom were Massachusetts residents.
The plaintiff – in this case the Commonwealth of Massachusetts – argued that the defendant – Equifax – knew of the vulnerability in its network but failed to take the necessary measures to prevent a breach. It was also argued that Equifax, after realizing that consumer data was hacked, failed to report the breach in a timely manner.
Aside from the monetary payout, the settlement also requires Equifax to improve its security practices and meet Massachusetts compliance regulations, including identifying critical security updates, minimizing its data collection, maintaining up-to-date software, and consenting to third-party assessments of its practices.
The funds will be used for state needs and for local consumer groups to assist customers. Massachusetts residents affected by the breach will not be compensated from the payout but can seek relief from the global settlement between Equifax and the Global Trade Commission, which was settled in 2019.
What this settlement means for your businesses
Data breaches are becoming more prevalent and more dire. In fact, according to Kaspersky Labs, 46 percent of large businesses worldwide have already had one or more data breaches. And these data breaches affect everyone involved: businesses face lawsuits, employees face terminations, and consumers lose peace of mind.
Judges are not cutting, and will not cut, slack for businesses that do not take the necessary actions to protect consumer data. In fact, following the Equifax settlement, Maura Healey stated that this is “one of the largest penalties ever paid to a single state over a data breach.” So now is the time to get serious about your application security and to show your customers that you are prioritizing their wellbeing.
One way to make sure that you have the proper security in place is to have a third party assess and certify your applications. In a recent IDG survey report, Security as a Competitive Advantage, 66 percent of respondents stated that they would be more likely to work with a certified vendor. By undergoing an unbiased assessment, you can boost customer confidence, prevent future losses, and gain a competitive advantage.
At Veracode, we offer a step-by-step plan to become certifiably secure. Learn more about our program, Veracode Verified, and become a trusted vendor today.