Latest news with #Equifax
Finextra
11 hours ago
- Business
- Finextra
Mitigating cyber-risks in outsourcing: Contract strategies for compliance and protection
0 This content is contributed or sourced from third parties but has been subject to Finextra editorial review. A clear and present danger In recent years, several prominent UK businesses have faced significant technology and cybersecurity challenges and the consequences of data protection breaches. For example, in October 2023, the Financial Conduct Authority (FCA) fined Equifax over £11 million for failing to manage and monitor the security of UK consumer data it had outsourced to its parent company based in the US. The breach allowed hackers to access the personal data of millions of people and exposed UK consumers to the risk of financial crime. As reported by Finextra on 15 May, NatWest's head of cyber security has revealed that the Bank faces 100 million cyber-attacks every month. That incident brought into sharp focus the risks and vulnerabilities which can arise where a customer outsources the handling of sensitive data, and the serious regulatory consequences faced by UK firms if they fail to ensure the safeguarding of sensitive information. Rules are rules Aside from principles of good business sense, obligations in relation to security and data protection are imposed on customers looking to outsource IT services to third parties via a range of regulatory and quasi-regulatory/industry measures. Regulatory measures in the UK include the requirements in the UK GDPR relating to security and data processor contracts, as well as more financial services-specific rules such as the FCA Operational Resilience regime, the FCA and PRA rules on material outsourcing and use of cloud, and the incoming FCA rules on use of Critical Third Party suppliers. Businesses operating in the EU (and by extension their relevant suppliers) must now also comply with the requirements of the EU Digital Operational Resilience Act (DORA) and its requirements in relation to critical IT services providers. Regulatory measures carry the added risk of sanctions and penalties from the relevant enforcement agencies if they are breached. Non-regulatory, but nonetheless important, requirements which impact many financial services business include the Payment Card Industry Data Security Standard (PCIDSS) which impose requirements on the security of card data, and the information security requirements of ISO27001. Get it in writing The typical provisions which a customer can try to include into contracts to meet its regulatory obligations, and otherwise to guard against (or at least provide some form of recourse in the event of) cyber and data infringements, can be grouped into two main types: (1) contract standards; and (2) rights and remedies. Contract standards Set out the general standards to which a supplier must conduct its business and provide their service(s) - for example in compliance with all laws and regulations, with professional skill and care and in accordance with good industry practice. standards to which a supplier must conduct its business and provide their service(s) - for example in compliance with all laws and regulations, with professional skill and care and in accordance with good industry practice. Set out any specific requirements which the supplier must meet which are intended to address particular cyber and data concerns, for example: Detailed security provisions, including compliance with the customer's own information and systems security policies Warranties of compliance with any information provided by the supplier pre-contract as part of the customer's due diligence process. Early warning requirements related to suspected cyber incidents or data breaches. Specific clauses designed to meet the requirements of the UK GDPR including: to exercise sufficient technical and organisational measures to protect data against unauthorised access, to notify data breaches in good time, and controls on the export of data outside of the UK/EEA. Compliance with specific industry standards including PCIDSS and ISO27001 Regular conduct of security testing and the provision of results to the customer (this can be a source of debate - a customer may want the right to conduct its own testing (including penetration tests) but suppliers can be reluctant to give this, especially over systems used for multiple customers, and so a right to see the results of the supplier's own internal or third party testing may be the best which can be achieved). An obligation to rectify any detected weaknesses after testing. Restrictions against use of sub-contractors and/or AI systems without the customer's consent. Requirement to use at least 'industry – standard' cybersecurity measures such as firewalls, malware blockers etc. requirements which the supplier must meet which are intended to address particular cyber and data concerns, for example: Rights and remedies Making sure that the supplier's liability for losses which might be suffered due to a cyber or data breach are not excluded out of hand, or caught by a general exclusion of 'indirect or consequential' liability. Potentially no or separate/higher liability caps for issues such as breach of confidentiality, security, or data protection requirements. It is now not uncommon to have 'supercaps' for data liability (although suppliers may not accept uncapped liability given the potentially large data protection regulatory fines). Indemnities for issues such as security or data breach Audit rights for the customer (and also its regulators) - which would extend to the supplier's sub-contractors. Definite termination rights in the event of a cyber or data related breach A right to remove supplier personnel or sub-contractors or the service if there are any concerns. Prevention is always better than the cure, and the only sure-fire way to avoid cyber and data issues is to make sure that, practically, the appropriate measures and behaviours are put in place by suppliers. However, a well-drafted contract will make it clear what a supplier is required to do, meet any regulatory requirements for terms which must be included, provide the customer with various rights and remedies (ideally to try and catch and avoid problems before they escalate), and otherwise provide the customer with a potential claim for damages for breach of contract, or indemnity rights should the supplier fail to comply with the relevant terms and the customer suffers loss or liability as a result.
CNET
2 days ago
- Business
- CNET
T-Mobile Data Breach Settlement Checks Are Arriving: Here's the Scoop
Checked your bank account lately? Is there an unexpected deposit from a company you don't recognize? It could be the money you're due from T-Mobile's 2022 class-action settlement. Those who qualify were told to expect settlement checks in April, but then that was moved till May. And now, in mid-June, as cited by Android Authority, Reddit users are saying they are seeing money in their bank accounts. Some are saying they received $56, but others are reporting amounts as high as $375. The account may come from T-Mobile Data Breach Settlement -- which you'd clearly understand -- or from Kroll Settlement Payouts. A representative for the settlement did not immediately respond to a request for comment. The settlement is the result of a class-action lawsuit filed against T-Mobile after a 2021 cyberattack exposed the personal data -- names, addresses and Social Security numbers -- of 76 million US customers. In 2022, T-Mobile agreed to a $350 million settlement to resolve claims that its negligence led to the data breach. It remains the second-largest data breach settlement in US history, following Equifax's $700 million settlement in 2019. How much will you get? If your data was exposed but you haven't already filed, it's too late to get in on the settlement. T-Mobile agreed to pay $350 million into a settlement fund that will be used to make cash payments for out-of-pocket losses and lost time, make cash payments, provide identity-defense services, provide restoration services, make payments to notify class members and administer the settlement, pay the class representatives who brought the suit, and pay attorney fees and costs. According to The Hill, payments might be smaller than $25 for some, as priority will go to those who can prove they suffered out-of-pocket losses. Those who lived in California at the time of the data breach are eligible for $100. And those who spent money at the time to recover or avoid identity theft or fraud -- like freezing their credit, spending money on credit monitoring services, incurring losses or were told to document their losses -- are eligible for up to $25,000, according to The Hill. Those who made a valid claim for identity-defense services will be sent information on how to activate those services. Monetary payments will be made in the manner each customer selected at the time they filed, which could mean a paper check will be mailed, or a digital deposit will be made. You can read the full documents for the lawsuit online.
Yahoo
3 days ago
- Business
- Yahoo
Equifax's Q1 Earnings Call: Our Top 5 Analyst Questions
Equifax's first quarter results were shaped by broad-based growth across non-mortgage segments and positive momentum in new product rollouts, leading to a market reaction that reflected investor approval. Management credited the strong performance to the accelerated adoption of its cloud-native platform and the introduction of proprietary solutions, such as the 'TWIN-powered' mortgage tool that combines employment, income, and credit data. CEO Mark Begor stated, 'Our strong first quarter is a proof point to the power of the Equifax cloud as our team can now fully focus on growth, innovation and customers.' Is now the time to buy EFX? Find out in our full research report (it's free). Revenue: $1.44 billion vs analyst estimates of $1.42 billion (3.8% year-on-year growth, 1.7% beat) Adjusted EPS: $1.53 vs analyst estimates of $1.40 (9% beat) Adjusted EBITDA: $423.1 million vs analyst estimates of $404.4 million (29.3% margin, 4.6% beat) The company slightly lifted its revenue guidance for the full year to $5.97 billion at the midpoint from $5.95 billion Management reiterated its full-year Adjusted EPS guidance of $7.45 at the midpoint Operating Margin: 16.4%, in line with the same quarter last year Market Capitalization: $33.22 billion While we enjoy listening to the management's commentary, our favorite part of earnings calls are the analyst questions. Those are unscripted and can often highlight topics that management teams would rather avoid or topics where the answer is complicated. Here is what has caught our attention. Jeff Meuler (Baird) asked about the scale and risks of federal government opportunities for TWIN. CEO Mark Begor emphasized constructive discussions in Washington and sees 'significant opportunities for future growth' as states and agencies focus on program integrity. Andrew Steinerman (JPMorgan) questioned the seasonality in free cash flow. CFO John Gamble explained that first-quarter free cash flow is always lower due to the timing of variable compensation payments, but normalized growth would exceed 20% year-over-year. Kyle Peterson (Needham & Company) pressed on whether recent volatility was fully reflected in guidance. Begor responded that the outlook incorporates current run rates and mortgage market trends observed through late April, but uncertainty in the second half drove a cautious stance. Shlomo Rosenbaum (Stifel) inquired about financial clients' behavior under macro uncertainty. Begor said banks are monitoring subprime delinquencies and consumer confidence, but have not yet tightened credit or initiated significant portfolio reviews. Arthur Truslove (Citi) asked how much cloud transformation contributed to USIS's non-mortgage acceleration. Begor attributed most of the improvement to post-cloud execution, noting increased commercial focus and new product momentum. The StockStory team will watch for (1) adoption and revenue growth from new TWIN-powered products in mortgage, auto, and personal loans; (2) further penetration into government and state agency contracts, especially as the Social Security Administration agreement ramps; and (3) the sustainability of operating margins as cloud transformation benefits are realized. Execution on the capital return strategy and resilience in recurring revenue streams will also serve as key indicators of business health. Equifax currently trades at $267.45, up from $215.01 just before the earnings. At this price, is it a buy or sell? See for yourself in our full research report (it's free). Market indices reached historic highs following Donald Trump's presidential victory in November 2024, but the outlook for 2025 is clouded by new trade policies that could impact business confidence and growth. While this has caused many investors to adopt a "fearful" wait-and-see approach, we're leaning into our best ideas that can grow regardless of the political or macroeconomic climate. Take advantage of Mr. Market by checking out our Top 5 Growth Stocks for this month. This is a curated list of our High Quality stocks that have generated a market-beating return of 183% over the last five years (as of March 31st 2025). Stocks that made our list in 2020 include now familiar names such as Nvidia (+1,545% between March 2020 and March 2025) as well as under-the-radar businesses like the once-micro-cap company Kadant (+351% five-year return). Find your next big winner with StockStory today.
CNBC
4 days ago
- Business
- CNBC
How to claim your part of TransUnion's $23 million class action settlement
TransUnion, one of the three largest credit bureaus in the U.S., has agreed to a $23 million class action settlement to resolve claims it failed to remove disputed hard inquiries from consumers' reports for nearly 10 years. In February 2025, the U.S. District Court for the Eastern District of Pennsylvania granted preliminary approval for the deal, which could impact more than 485,000 consumers. A final hearing is scheduled for July, after which eligible class members could receive as much as $160 each. Along with Equifax and Experian, TransUnion collects information about consumers' financial behavior and tabulates credit scores used by lenders, businesses and others to determine creditworthiness for loans, credit cards, insurance, employment, leases and other uses.A hard inquiry can lower your credit score, making you ineligible for certain products or preferred interest rates. Originally filed in December 2018, the lawsuit claims that TransUnion failed to investigate or remove certain disputed hard inquiries that appeared on consumers' credit reports between 2016 and 2025. As a result, the plaintiffs alleged, TransUnion violated the Federal Fair Credit Reporting Act and unfairly lowered their credit scores. According to court filings, consumers who challenged questionable inquiries were sent standard "502 Letters," which explained the nature of credit report inquiries and suggested they reach out to the inquirers themselves. The plaintiffs maintain that TransUnion should have contacted the third parties directly and removed the inquiries. TransUnion hasn't admitted any wrongdoing but a representative told CNBC Select that, moving forward, it was instituting changes "regarding consumer challenges to hard inquiries." Offers in this section are from affiliate partners and selected based on a combination of engagement, product relevance, compensation, and consistent from $9 to $25 per month, billed annuallyProtects against identity theft, financial fraud, spam calls, online theft, scam websites, viruses and malware. Offers VPN, 3-credit bureau monitoring, password manager and instant credit lock. On Aura's siteFrom $6.67 to $17.99 per month, billed annually on individual plans and $10.00 to $23.99 per month, billed annually on family plansUp to $1 million in insurance for eligible losses from identity theft On Identity Guard's site Credit checks fall into two categories, either soft or hard inquiries: A soft inquiry (or "soft pull') may be triggered if you're prequalified for a credit card or a landlord runs a basic background check. It includes limited information and won't impact your credit score. Financial institutions trigger a hard inquiry, or 'hard pull," when they're making lending decisions, say, about your application for a mortgage, personal loan or credit card. These are more in-depth and single hard pull can ding your score by about five points, according to FICO, , although if you have a shorter credit history or fewer accounts, it might have a more substantial impact. Numerous hard inquiries in a short period can also take a greater monitoring and identity theft protection services keep tabs on changes to your reports, including new credit inquiries and opened accounts and information appearing on the dark web. You can dispute errors and fraud on your report yourself, but many people find the process time-consuming, confusing or intimidating. A credit repair company will reach out to the three credit bureaus on your behalf and challenge any incorrect information. Consumers who disputed a hard inquiry listed on their TransUnion credit report and received a '502 Letter' between December 5, 2016, and January 31, 2025, are eligible class members. Under the terms of the settlement, consumers who received a '502 Letter' are entitled to a minimum cash payment of at least $20 to $30. Class members who experienced certain financial harms as a result of TransUnion's alleged violation can file a claim for damages and a higher payment. The final amount will be based on how many valid claims are received but could be as much as $160. To file a valid higher payment claim, you must attest at least one of the following: Class members do not have to do anything to receive a minimum payout, which will automatically be mailed to the address TransUnion used to send "502 Letters." If your address has changed or you believe you suffered specific financial harm and wish to apply for additional damages, you must complete a claim form on the class action settlement website by June 24, 2025. You may also mail your form to: Norman v Trans Union, LLC c/o Settlement AdministratorPO Box 23489, Jacksonville, FL 32241 The deadline to object to the settlement or request to be excluded is also June 24, 2025. Payments are expected to be distributed within 90 days of the final hearing on July 21, 2025. But appeals and injunctions may delay the process. A hard inquiry is an in-depth review of your credit history for the purposes of determining your creditworthiness. According to FICO, a single hard pull will lower your credit score less than five points. If you have a shorter credit history or fewer accounts, however, it might have a more substantial impact. Numerous hard inquiries in a short period can also take a greater toll. In general, hard inquiries remain on your credit report for two years but stop affecting your credit score after one. You can check your credit report to see when an inquiry was performed. That can help you keep track of your credit score and be on alert for potential fraud if you see an inquiry you don't recognize. Class members willing to accept the $20-$30 settlement do not need to file a claim. If you believe you experienced specific harm and want to apply for additional damages, you must complete a claim form on the class action settlement website by June 24, 2025. Along with Equifax and Experian, TransUnion is one of the three leading credit reporting agency that collects information about consumers' financial behavior to tabulate credit scores used by lenders, businesses and other entities. Information gathered by these agencies is used to determine an individual's creditworthiness and in decisions about their employment, insurance and more. At CNBC Select, our mission is to provide our readers with high-quality service journalism and comprehensive consumer advice so they can make informed decisions with their money. Every personal finance article is based on rigorous reporting by our team of expert writers and editors with extensive knowledge of financial products. While CNBC Select earns a commission from affiliate partners on many offers and links, we create all our content without input from our commercial team or any outside third parties, and we pride ourselves on our journalistic standards and ethics. Money matters — so make the most of it. Get expert tips, strategies, news and everything else you need to maximize your money, right to your inbox. Sign up here.
Yahoo
4 days ago
- Business
- Yahoo
Equifax Introduces Complete Income™ for Social Services
New Solution Designed to Help Government Agencies More Efficiently Verify Income for Today's Workforce, Including Applicants with Alternative Income Sources ATLANTA, June 16, 2025 /PRNewswire/ -- Equifax® (NYSE:EFX) today announced Complete Income™, a new solution powered by the Equifax Cloud™ that helps U.S. federal, state and local government agencies more efficiently process applications for social service benefits across programs including Medicaid, the Supplemental Nutrition Assistance Program (SNAP) and more with information on alternative income sources. Available in August 2025, through a single workflow, Complete Income delivers automated income verifications to caseworkers through two structured, easy-to-understand outputs. Instant Social Service Verification Reports from The Work Number® database include W-2 payroll information from more than 4.4 million employers, and the new Income and Expense Connect Solution incorporates consumer-credentialed bank deposit data covering 92% of U.S. financial institutions and self-reported income and expenses. This data may include unearned income such as pension, child support and more. "Market research has shown the increasing complexity of the modern U.S. workforce, including the addition of nearly 35 million independent workers over the past four years, which has created significant challenges for government agencies in verifying income for social service program eligibility," said Mike Bromley, Senior Vice President and General Manager, Government Solutions, Equifax. "Agency leaders tell us their top challenge in gig income verification is the difficulty of verifying self-employment income and its associated expenses from multiple platforms or jobs. With Complete Income, we're helping them solve this problem by offering a more comprehensive, efficient and secure solution that can provide a more holistic view of an individual's income and expenses, enabling agencies to make better-informed eligibility determinations and more efficiently serve vulnerable populations." When someone applies for social service benefits under programs such as Medicaid or SNAP, the agency must verify the applicant's income. While traditional payroll records meet the need for many applicants, income verification for self-employed individuals can present unique challenges that can impact the timeliness of benefits decisions. For example, caseworkers are called upon to help self-employed workers sort through and reconcile stacks of receipts indicating income as well as expenses in order to help determine eligibility. This type of manual process can be time consuming, inefficient and prone to errors. With Complete Income, a caseworker places an order through the same Equifax Verification Insights Portal used each day by thousands of credentialed verifiers, including numerous caseworkers. This order generates a text or email request that directs the applicant to the secure Equifax portal, which then guides the applicant through an intuitive process for providing bank deposit income as well as self-reported income and expenses. The caseworker receives the Social Service Verification report with W-2 payroll data instantly from The Work Number database and is then alerted when the Income and Expense Connect Solution with the alternative income and self-reported income and expenses are submitted by the applicant, providing a more holistic view of the applicant's income. "Complete Income delivers a more streamlined experience for agencies, caseworkers and applicants alike," added Bromley. "Agencies can serve their constituents more efficiently and with greater confidence. Caseworkers can spend less time on tedious, manual tasks, and more time supporting the people they serve. And applicants can complete the process more easily and receive faster benefits decisions." Complete Income provides credentialed verifiers with consumer reports under the Fair Credit Reporting Act (FCRA). These reports include clear income organization covering traditional income as well as available alternative income information categorized by wages and salary, unearned income, other income and expenses. For more information about Complete Income, please click here. ABOUT EQUIFAX Equifax (NYSE: EFX), we believe knowledge drives progress. As a global data, analytics, and technology company, we play an essential role in the global economy by helping financial institutions, companies, employers, and government agencies make critical decisions with greater confidence. Our unique blend of differentiated data, analytics, and cloud technology drives insights to power decisions to move people forward. Headquartered in Atlanta and supported by nearly 15,000 employees worldwide, Equifax operates or has investments in 24 countries in North America, Central and South America, Europe, and the Asia Pacific region. For more information, visit FOR MORE INFORMATION: Dan Jenkins for Equifax Workforce Solutionsmediainquiries@ View original content to download multimedia: SOURCE Equifax Inc.
