A US judge has rubber-stamped a $1.38 billion settlement related to the massive 2017 data breach at Equifax - capping the amount available for cash payouts to victims.
As first reported by BankInfo Security, the federal judge has given final approval for a settlement that deals with a class action lawsuit against Equifax.
Mirroring an agreement reached between Equifax and the Federal Trade Commission last year, the settlement sees the tens of millions of Americans affected by the breach given the choice between free credit monitoring or a cash payment.
While the cash payment is nominally worth up to $125 per victim, in reality it is likely to be significantly less because of a £31 million disbursement cap on the total pool available.
With so many opting for the cash payment option, the FTC has urged people to instead take the free credit monitoring. Anyone wishing to take the cash has until 22 January to make a claim.
A far larger slice of the settlement - around $1 billion - is dedicated to making security upgrades in the wake of the breach, which compromised the personal information of around 145 million Americans.
A Senate investigation found numerous failings by the credit rating agency both before and after the breach, including problems with Equifax's approach to cyber security going back well before the breach. The firm had no standalone written corporate policy governing the patching of known cyber vulnerabilities until 2015.
Even when this was remedied and an audit found thousands of vulnerabilities, several issues were not actually addressed before the 2017 attack.
And once the hackers were inside Equifax's systems, the damage could have been minimised, but usernames and passwords had been saved on a file share by employees - a move designed to make business more efficient. In addition, Equifax did not have basic tools in place to detect and identify changes to files.