Largest U.S. Data Breach Settlements with Government Include 3 Insurers

July 23, 2019

The U.S. Federal Trade Commission announced on Monday that Equifax Inc. will pay up to $700 million for a data breach that exposed millions of consumers’ personal information.

The following are seven of the largest data breach settlements with the federal government and states, excluding class actions, in recent years.

1) Equifax

Following its 2017 data breach, Equifax will pay up to $700 million to the U.S. Federal Trade Commission, the Consumer Financial Protection Bureau and nearly all U.S. states and territories. That includes a $175 million fine to the states and $100 million to the CFPB. It will also establish a $300 million restitution fund for harmed consumers. That amount could grow to $425 million depending on how many consumers act on it.

2) Uber

In 2018, ride-hailing app Uber reached a $148 million settlement with 50 U.S. states and Washington, D.C., for failing to disclose a massive data breach in 2016. It exposed personal data from 57 million user accounts.

3) Target

Retailer Target Corp. agreed in 2017 to pay $18.5 million to 47 U.S. states and the District of Columbia for the company’s massive 2013 data breach. Target reported that hackers stole data from up to 40 million credit and debit cards from shoppers who visited its stores in the 2013 holiday season.

4) Anthem

Anthem, Inc. agreed to pay $16 million to the U.S. Department of Health and Human Services and the Office for Civil Rights in 2018 to settle potential violations of HIPAA, the Health Insurance Portability and Accountability Act Privacy and Security Rules, an HHS statement said. A series of cyberattacks exposed the health information of almost 79 million people.

5) Premera

Earlier this month, health insurance company Premera Blue Cross agreed to pay $10 million to 30 U.S. states for allegedly failing to secure consumer data. A hacker had access to its network of private health information and Social Security numbers from May 2014 to March 2015, a statement from the Washington state attorney general said.

6) Nationwide Mutual

Insurance company Nationwide Mutual agreed in 2017 to pay $5.5 million to 33 U.S. states for a 2012 data breach. The attorneys general alleged that the company failed to apply a critical security patch, which resulted in the loss of the personal information of over one million consumers.

7) Ashley Madison

Adultery website Ashley Madison’s parent company Ruby Corp. agreed in 2016 to pay $1.6 million to settle FTC and state charges that it failed to protect 36 million users’ account and profile information in a July 2015 data breach. In a separate 2017 settlement, the company agreed to pay $11.2 million in a class-action settlement, which said users with valid claims could recoup up to $3,500 depending on their losses from the breach.

(Reporting by Bryan Pietsch; Editing by Nick Zieminski)


Latest Comments

  • August 7, 2019 at 11:55 am
    Glenn Salter says:
    What is more interesting to me is the fact these large payouts are predicated off of the standard, "You must prove the damage to you" instead of the fact that the company whic... read more
  • August 5, 2019 at 10:57 am
    Eli Mishanie says:
    What nobody seems to ask- Where is the money be applied to using these huge awards? Why doesn't the government create a pool of money for those "individuals" that have gotten ... read more
  • July 29, 2019 at 1:03 pm
    rob says:
    i didn't know I had an Ashley Madison account until my wife told me she made one for me. I'm pretty sure she did that to prove a point because nobody was interested there eit... read more
