On June 22, the Federal Trade Commission (FTC) announced the outcome of a settlement with Equifax, one of the three major credit monitoring firms in the United States.
The settlement requires Equifax to pay somewhere between $500 and $700 million in restitution for a 2017 data breach that affected about 147 million people across the United States, according to Jacqueline Connor, a privacy attorney with the FTC. The amount of the settlement is the highest in U.S. history for a data breach and the number of people impacted represents almost half the United States population. That’s nearly every adult in the country who has credit.
In California alone, Hackers were able to access and expose the personal information of about 15 million people.
“Our credit status impacts nearly every aspect of our lives - from purchasing a home or a car to finding a job,” said California Attorney General Xavier Becerra. “The same Americans who had to immediately protect themselves from fraudsters or identify thieves will have to be vigilant for the rest of their lives. We encourage every eligible person to apply for the relief they are entitled to as part of our settlement.”
About $300 million of the settlement amount will go to making payments to Americans affected by the breach. Equifax will pay another $275 million in fines to close the investigation by the Consumer Financial Protection Bureau and to end legal action by states who filed lawsuits against the company.
The hackers, who have not yet been identified, penetrated Equifax’s data files and were able to steal social security numbers, credit card numbers, addresses and other personal data. The breach affected all 50 states, the District of Columbia and U.S. territories.
To compensate victims, Equifax has set up a website (EquifaxBreachSettlement.com) where you can first check to see if you were affected by the breach. Then, you can apply for a check payment of “up to” $125, or you can choose free credit monitoring with all three major credit bureaus for up to four years, a value of a little over $950. When that period is over, you can choose to opt in for free credit monitoring by Equifax for another six years.
Because “millions of people” affected have filed claims for the $125 payment option since the settlement announcement, the FTC, which is responsible for consumer protection across the country, says applying for a cash payment is not the best way to go. So, as an alternative, Equifax is primarily now offering free credit monitoring to its customers affected by the data breach. If you’re already signed up for a free credit monitoring service and intend to keep it for the next six months, then you can apply for the $125 payment.
“The pot of money that pays for that part of the settlement is $31 million,” the FTC said in a statement. “A large number of claims for cash instead of credit monitoring means only one thing: Each person who takes the money option will wind up only getting a small amount of money. Nowhere near the $125 they could have gotten if there hadn’t been such an enormous number of claims filed.”
For Equifax to have paid out the full $125 to each person affected, a number of no more than 248,000 people would have needed to apply. If all 147 million people end up filing a claim, individual payouts would shrivel down to around .22 cents per person.
The cost for Equifax’s credit monitoring service is $19.99 a month, according to the company’s website. If every victim of the breach signs up, it could cost Equifax up to $2 billion to cover the costs.
Victims of identity theft or other fraud resulting directly from the breach who have documentation to back up their claim, will receive compensation of $25 an hour (for up to 20 hours) of the time they took to resolve the problem. They will be eligible for up to another 10 hours of $25-an-hour payments for the time they took to research or purchase protection services, including freezing their credit, after the fraud happened.
Those who incurred legal expenses or spent money on credit monitoring, notaries and other approved fines as a result of the hack, are eligible for up to $20,000 per person in reimbursements. They will also be required to show proof that their claims are valid.
The deadline to file all claims is Jan. 22, 2020.
For people who have already requested a $125 payment and would now like to opt for free credit monitoring instead, look out for an email from Equifax. The company will allow you to change your choice.
Some consumer advocates and legislators around the country say the settlement didn’t go far enough.
"Equifax's data breach put over 100 million Americans at risk by exposing their Social Security numbers and other personal information," said Rep. Frank Pallone (D-New Jersey), chair of the House Energy and Commerce committee, in a press release. "This settlement does not come close to making consumers whole and, once again, shows the limitations on the FTC's ability to seek strong penalties and effective redress for consumers."
News of data breaches of financial institutions and credit monitoring agencies is becoming an increasingly common occurrence.
Paige Thompson, a Seattle-based hacker, was arrested by the FBI last Monday after she bragged on social media about hacking Capital One and leaking 100 million consumers’ data.
Thompson, who previously worked for Amazon Web Services, bragged about her hacking exploits on Twitter under the username “Erratic.”