Equifax has been fined the maximum amount allowed by the Data Protection Act of 1988 because the data breach that caused hundreds-of-thousands of customers to have their data exposed occurred before GPDR went into full effect. With an operating revenue of $16,000,000,000 ($16 Billion), Equifax would have had to pay a fine of $640,000,000 ($640 Million) instead of the 0.003% fine they’re currently paying. The Equifax breach was incredibly damaging as the names, credit card numbers, dates of birth, social security, drivers license, addresses, credit cards, and other Personally Identifying Information was all taken. This sort of information is a literal goldmine for identity theft and with that much detail, it would be possible for malicious actors to impersonate their victims. Technically, Equifax could appeal the fine but the evidence of multiple failures is solid and may be seen as a waste of time by the company.
Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.