Facepalm: Hackers were able to exploit an unpatched security flaw in Equifax’s systems and thanks to a malfunctioning scanning tool, they were able to avoid detection for months. Most expected the stolen data to surface for sale on the dark web yet oddly enough, that hasn’t yet happened, leading some to surmise that a nation-state was behind the attack.

One of the largest credit reporting firms in the country is nearing a deal to settle multiple state and federal investigations into a 2017 data breach that impacted around 145 million consumers.

Sources familiar with the matter told The Wall Street Journal that Equifax will pay nearly $700 million to the Federal Trade Commission, the Consumer Financial Protection Bureau and most state attorneys general to resolve the matter. The settlement would also clear up a consumer class-action lawsuit, we’re told. Some of the funds would be used to compensate consumers for harm suffered as a result of the breach, sources said.

Equifax in late 2017 said unauthorized activity from mid-May through July 2017 exposed users’ names, Social Security numbers, birth dates, addresses and driver’s license numbers. In some cases, credit card numbers were also compromised.

A settlement could be announced as early as Monday.

Masthead credit: credit bureau report card by Michael D Brown