Equifax Would Have Paid $1.5bn Under New US Breach Laws

 
January 11th 2018
Senators have proposed new legislation which would impose strict liability penalties on credit reporting agencies (CRAs) in the event of a data breach.

The Data Breach Prevention and Compensation Act is designed to make the big CRAs more accountable, following a damaging breach at Equifax last year which affected 145.5m Americans and 700,000 Brits.

The act would establish an Office of Cybersecurity at the regulator, the FTC, which would be responsible for annual inspections and supervision of security-related issues.

Most notably, it would impose mandatory financial penalties starting at $100 for every customer who has one piece of personally identifiable information (PII) compromised, with $50 per additional piece of PII. Half of the money collected would be used to compensate the victims.

These fines could rise even higher if there’s evidence of inadequate cybersecurity or delayed breach reporting.

Under the new legislation, Equifax would have been forced to pay an estimated $1.5bn fine following its September 2017 breach, according to senator Elizabeth Warren.

"The financial incentives here are all out of whack – Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach," she said in a statement.

"Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax – and provides robust compensation for affected consumers – which will put money back into people’s pockets and help stop these kinds of breaches from happening again."

Although the US led the way globally with mandatory breach reporting laws a few years back, it is the EU GDPR which now sets the standard. Under the new data protection regulation, Equifax would likely have seen significant fines, due to the number of UK consumers affected.

Consumer and security groups appear to support the legislation.

“This bill establishes much-needed protections for data security for the credit bureaus,” said National Consumer Law Center staff attorney, Chi Chi Wu.

“It also imposes real and meaningful penalties when credit bureaus, entrusted with our most sensitive financial information, break that trust.”
