The US credit monitoring agency Equifax has agreed to pay up to USD 700 million in a settlement stemming from a data breach that affected nearly 150 million customers, regulators said Monday.
The company will pay at least USD 525 million as part of this agreement with parties including the Federal Trade Commission and 50 US states and territories over the massive theft of data in 2017, the FTC said.
The company gathers data on consumers to help lenders determine borrowers' creditworthiness.
Equifax disclosed in 2017 that hackers had stolen the personal details, including names, dates of birth and social security numbers, of nearly half the US population.
It had been alerted in March of that year to a critical vulnerability in a database that handles questions from consumers about their personal credit data, but failed to patch its network, the FTC said.
"Companies that profit from personal information have an extra responsibility to protect and secure that data," FTC Chairman Joe Simons said in a statement announcing the settlement.
"Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers," he added.