The FTC's Settlement With Equifax Is Such A Joke, The FTC Is Now Begging You Not To Ask For A Cash Settlement

from the say-what-now dept

Last week there was a bit of news as the FTC released a proposed settlement between the FTC and Equifax over the data brokers’ massive security breach that came to light nearly two years ago. We had already noted that the FTC’s way of dealing with Equifax seemed particularly tone deaf, but it’s getting worse. Much worse. As you may have heard, part of the “settlement” with Equifax is that you could sign up to get $125 from the company (or possibly more). It was either that or free credit monitoring. But, come on: everyone already has so many “free credit monitoring” services from previous breaches that this is a totally meaningless offer. It also costs nothing for Equifax.

So, over the past week or so a ton of (helpful) news sites have been posting explainers on how to get your $125. Except… apparently too many people signed up and now the FTC is helping Equifax by telling people not to ask for money from the company any more. First, the FTC literally deleted that option from its website:

Then, it posted a blog post and a statement both of which encourage people not to ask for money — and arguing that the credit monitoring that no one needs is a “better deal.”

The public response to the settlement has been overwhelming, and we?re delighted that millions of people have visited ftc.gov/Equifax and gone on to the settlement website?s claims form.

But there?s a downside to this unexpected number of claims. First, though, the good: all 147 million people can ask for and get free credit monitoring. There?s also the option for people who certify that they already have credit monitoring to claim up to $125 instead. But the pot of money that pays for that part of the settlement is $31 million. A large number of claims for cash instead of credit monitoring means only one thing: each person who takes the money option will wind up only getting a small amount of money. Nowhere near the $125 they could have gotten if there hadn?t been such an enormous number of claims filed.

So, if you haven?t submitted your claim yet, think about opting for the free credit monitoring instead. Frankly, the free credit monitoring is worth a lot more ? the market value would be hundreds of dollars a year.

Of course, the proper response to this is for the FTC to recognize that a $31 million pot for settlements here was way too small. Remember, this is the same organization that was being criticized for “only” dinging Facebook for $5 billion for privacy violations that one could argue were significantly less egregious and damaging as Equifax’s breach. The fact that the FTC thinks its job here is now to act as PR shop for Equifax, rather than to maybe go back to the drawing board is pretty telling.

As law professor James Grimmelmann notes, the response to all of this (anger, hatred) certainly suggests that the court should not approve this settlement:

This is pretty damning towards the FTC. If they built a settlement structure that only works if few of the people impacted claim it, then the settlement is objectively ridiculous. Either users who had their data leaked deserve $125 or they don’t. The entire structure of setting up a $31 million pool, such that if the people impacted actually claim their money they get less of it, is just mindbogglingly pointless.

Filed Under: , , , , ,
Companies: equifax

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “The FTC's Settlement With Equifax Is Such A Joke, The FTC Is Now Begging You Not To Ask For A Cash Settlement”

Subscribe: RSS Leave a comment
78 Comments
Anonymous Coward says:

Re: You could save Hundreds by signing up NOW

$7/month multiplied by either 60 or 120 months is a value of $420 or $840, which does qualify as "hundreds of dollars." If we wanted to be pedantic about it, we might calculate the net present value of those future payments, but even applying a 10% discount rate we still end up with $234 on the low end, which still qualifies as "hundreds of dollars."

I mean, the settlement is a joke, but the credit monitoring is technically worth what they’re claiming it’s worth.

Anonymous Coward says:

Re: Re: You could save Hundreds by signing up NOW

"credit monitoring is technically worth what they’re claiming it’s worth"

Assuming the service is actually doing anything at all for you, then maybe. however, I do not see technical details outlining exactly how they protect you from the nefarious activities that they like to scare you with in their tv ads.

Anonymous Coward says:

Re: Re: You could save Hundreds by signing up NOW

The first subscription credit monitoring you sign up for is worth that. The second is absolutely worthless as is the third. As mentioned in the article, who in the US does not already have free credit monitoring from at least one of the major breaches that keep happening?

And how the hell is $125 adequate compensation for even the least of evils to come from such a breach? I hope the most affected people recuse themselves from this joke of a settlement and directly sue Equifax for a much more robust and appropriate sum.

Anonymous Coward says:

Re: You could save Hundreds by signing up NOW

I never authorize these idiots to have and house any information about me. They never had a right to be collecting it to begin with. And then they breach data about me and any terrorist or enemy can have access to it X 100 million people? These people should be swinging from yardarms.

That One Guy (profile) says:

'What do you mean the wrist slap was still too high for them?'

A security breach that was so large that if all those impacted demanded a whopping $125 out of a thirty-one million dollar pot there wouldn’t be enough, and rather than realize that this just demonstrates how pathetically low the fine was the FTC, the very agency that you would hope would be on the side of the public, goes to bat for the company to try to convince people to pick the non-cash option that you can be damn sure costs Equifax significantly less than $125…

Oh yeah, way to show just how concerned they are with protecting the public from malicious and/or indifference from the very companies they are supposedly meant to keep in check.

Bruce C. says:

Re: 'What do you mean the wrist slap was still too high for them

And, remember folks, this is the agency that Ajit Pai thinks can regulate the ISP industry.

Democrats need to remember that the free market can work.

Republicans need to remember that the free market can’t work unless there is a government willing and able to create and maintain the conditions required for a viable free market:
participants have roughly equal power in the market,
participants have equal knowledge about the products on offer.
AND participants are aware of and resistant to psychological manipulations like the sunk-cost fallacy.

Mason Wheeler (profile) says:

Re: Re: 'What do you mean the wrist slap was still too high for

Yes, exactly this. As I’ve been saying for years now, free market principles only work when conditions of freedom exist in the marketplace, and the most significant freedom is the freedom of a buyer to choose between meaningful competitors. Without that, the free market breaks down and you end up with a dysfunctional system better described by other models.

Thad (profile) says:

Re: Re: 'What do you mean the wrist slap was still too high for

Democrats need to remember that the free market can work.

I mean, if we’re gonna do the bothsiderism thing, I’d point out that Democratic economic policy has been pretty goddamn neoliberal since the Clinton Administration. Democrats don’t need to be reminded to privatize and deregulate; if anything, they could use a reminder to do that shit less than they’ve been doing it for the past 25+ years.

Republicans need to remember that the free market can’t work unless there is a government willing and able to create and maintain the conditions required for a viable free market:
participants have roughly equal power in the market,
participants have equal knowledge about the products on offer.
AND participants are aware of and resistant to psychological manipulations like the sunk-cost fallacy.

And how do you handle a market where the affected class is not the customer?

Ain’t nobody whose private information got leaked in the Equifax breach because they chose Equifax as their credit monitoring agency. This is a textbook case of an externality. Free markets have nothing to do with it. I’m not an Equifax customer; I can’t choose to take my business somewhere else.

Anonymous Coward says:

Re: Re: Re: 'What do you mean the wrist slap was still too high

"I’m not an Equifax customer; I can’t choose to take my business somewhere else."

To use some of that yummy intellectual property logic …
They stole my personal information and gave it to hackers who defrauded several places of business, and now those businesses who are victims of fraud think they can demand money from me. How does that work? I suppose it only works on those who cannot defend themselves. Sweet – like shooting fish in a barrel.

Thad (profile) says:

Re: Re:

It’s not that Equifax can’t afford to pay the bill; the price of the bill is already set at $31 million. More claims won’t increase that pot; it will reduce the share that each individual claimant gets.

But you’re right: everyone should still take the cash. Even if it winds up being pennies instead of $125. Make Equifax write that check and pay for a stamp to send it to you. It’s not just about getting recompense for the violation; it’s about making sure Equifax is forced to pay out the maximum.

And ideally, yes, the court should reject this offer and direct the FTC to renegotiate the deal so that it’s more than $31 million.

Anonymous Coward says:

Re: Re:

If 100 million people sign up for the cash they won’t each get $125. The payout pool is $31mm and will be divided up evenly among all those who took the cash option, up to a max of $125 per person. With 147mm claimants (so far) the actual payout per person won’t be worth as much as the postage to mail them the check.

Anonymous Coward says:

Re: Re:

FTC can’t shut down Equifax (or any other US corporation, for that matter).

The biggest reason is because Equifax is the primary supplier of information to the Internal Revenue Service, which rewarded Equifax with a contract extension mere months after the breach was reported.

When a US company has this type of cozy relationship with our government, there’s no such thing as "illegal".

Berenerd (profile) says:

Lets do some math...

31000000/125= 248,000

So they were only banking on a quarter of a million people wanting cash over having the company who screwed up watch their credit for them.
When doing math, please make sure your imagination is not included in your arithmetic. Even Trump couldn’t get 50% of the vote, how do you think you would?

Anonmylous says:

Re: Re: Lets do some math...

I’m only pointing this out because its even more absurd. You’re off by 2 decimal places. Its 0.0017%. A vanishingly small number. An absurd number. If 100% of the victims wanted cash, that is 21 cents each.

21 cents.

The pool should have been far far larger, anyone with basic math skills can see that whether they have your number or mine! Then there is the fact that this same pool is supposed to compensate those who had to take steps to recover their identity as well. "(2) up to $20,000 in other cash payments for time and money spent preventing or recovering from identity theft because of the data breach"

Out of the same $31 million dollar pool. Though we know of course that proving your Identity Theft was actually related to the Equifax breach is almost impossible so they never intended to cover those expenses anyways. The tiny pool just proves it.

cynoclast (profile) says:

Re: Lets do some math...

Trump and Hillary both got ~26% of available votes. That is, they both got about 50% of the popular vote, but which was only about 40% of eligible voters.

So while it’s true that Trump couldn’t get 50% of the vote, nobody (including Hiillary) did either. Both of them, with the entire establishment media behind them could barely manage a quarter.

What legitimacy does any POTUS have with barely a quarter of eligible voters? I would argue that that is 75% of the country not supporting them. And now apply this to past and future POTUSes.

Thad (profile) says:

Re: Re: Lets do some math...

You’re off by a few points.

Clinton got 48.2% of the popular vote, Trump got 46.1%, and turnout was 60.2% of eligible voters. That puts Clinton around 29% of eligible voters and Trump at about 28%. For the overall population (including people not eligible to vote), they’re closer to 20% and 19%, respectively.

Anonymous Coward says:

Re: Re: Re: Lets do some math...

What is really depressing is that 60.2% turnout number was high compared to many prior years. Not sure how any politician can say with straight face that they have received a mandate when so many eligible voters decide to not vote or are not allowed to vote. When they say The People Have Spoken, they are not talking about those who did not vote. Perhaps there should be a choice called None Of the Above.

Zombie Hunter says:

Re: mbie Hunter ZOMBIES are coming out again! SIX ODD ONES today.

cynoclast: 8 (<3), 2 year gap; May 26th, 2016 https://www.techdirt.com/user/cynoclast

TWO, ONE FOURTH, of its comments in three years on this page which has little interest and no real controversy!

d blevins or dblevins or dave blevins: 108 (8), 27 month gap after first (both one-liners), OLDEST KNOWN account: 3 Sep 2004 https://www.techdirt.com/user/dblevins

Even less interested of late, to 2015 first page, so down to 5 a year.

2nd:

Crazy Hong Kong Monkey: 14 (2), 3 year gap after 1st; Jul 12th, 2012 https://www.techdirt.com/user/crazyhongkongmonkey

Federico: 37 (12), 2 year gap after first, 2 Sep 2016 https://www.techdirt.com/user/nemo_bis

With 37 comments in almost exactly 3 years is now so engaged that used "First Word".

3rd (note 3 and 4 both date from 2009!):

Paul Alan Levy: 132 (13), down to 2 a year; 17 Nov 2009 https://www.techdirt.com/user/paulalanlevy

4th (included because ten years old yet mostly bland Techdirt-orthodox one-liners, never into controversy):

Ed: 269 (27 actually increasing this year), 2 Jun 2009 https://www.techdirt.com/user/fuzi719

Anonymous Coward says:

much the same sort of thing that happens in the USA with any company. regardless of whether it’s a government body involved or not, nothing that is too debilitating is ever the sentence. if it was a member of the public involved, however, all hell would be let loose! the DoJ would be all over him/her like a rash demanding millions of dollars in compensation as well as locking the poor fucker up for 10 lifetimes!!

Anonymous Coward says:

Ftc is now ultra light touch regulation,
the fine is so small it sends a message , big companys do not worry
about customer security , its cheaper to pay a fine if you get hacked .
Theres no need to spend money on real security of user files ,
equifax is a worse case because you do not get a choice ,they get your data when you take out a loan . , at least with facebook you have to sign up ,make an account
and give them your information.

Anonymous Coward says:

I'd happily forgo the $125 payment in lieu of...

Them agreeing to actual costs, up to a huge limit (say, $1mm / person) for cleaning up their mess. No time limit, either. If a bad actor sits on my data for a decade, then abuses it, the hypothetical coverage should still apply.

Disputes about proof to be resolved to the satisfaction of a court, not by the Equifax lawyers or their cheerleaders at the FTC.

Zombie Hunter says:

Re: ZOMBIES are coming out again! SIX ODD ONES today.

I’ll just put all on each of the ODD comments so the hypothetical new and reasonable reader can SEE isn’t just isolated incident:

cynoclast: 8 (<3), 2 year gap; May 26th, 2016 https://www.techdirt.com/user/cynoclast

TWO, ONE FOURTH, of its comments in three years on this page which has little interest and no real controversy!

d blevins or dblevins or dave blevins: 108 (8), 27 month gap after first (both one-liners), OLDEST KNOWN account: 3 Sep 2004 https://www.techdirt.com/user/dblevins

Even less interested of late, to 2015 first page, so down to 5 a year.

2nd:

Crazy Hong Kong Monkey: 14 (2), 3 year gap after 1st; Jul 12th, 2012 https://www.techdirt.com/user/crazyhongkongmonkey

Federico: 37 (12), 2 year gap after first, 2 Sep 2016 https://www.techdirt.com/user/nemo_bis

With 37 comments in almost exactly 3 years is now so engaged that used "First Word".

3rd (note 3 and 4 both date from 2009!):

Paul Alan Levy: 132 (13), down to 2 a year; 17 Nov 2009 https://www.techdirt.com/user/paulalanlevy

4th (included because ten years old yet mostly bland Techdirt-orthodox one-liners, never into controversy):

Ed: 269 (27 actually increasing this year), 2 Jun 2009 https://www.techdirt.com/user/fuzi719

Jeremy Lyman (profile) says:

The entire structure of setting up a $31 million pool, such that if the people impacted actually claim their money they get less of it, is just mindbogglingly pointless.

Which has pretty much been my opinion of class action suits for a while now. They exist to penalize a wrongful party, but not to offer remuneration to those who were wronged.

David says:

Re: Hosed

After seeing the agreement worked out with the FTC, I felt shafted…AGAIN. The FTC should be sued for agreeing to such a shitty settlement.

Well, that’s what to expect when hiring a fox to guard the hen house. Or a telcom lobbyist for regulating the telcom industry on behalf of consumers.

It came as a shock to the industry when nevertheless Tom Wheeler actually took guarding the hen house seriously. So naturally the Trump administration had to look for a candidate who was so obviously and openly corrupt that this mishap would definitely not repeat.

And with Ajit Pai, they found him.

Cris says:

Please keep these numbers in mind: Equifax annual revenue for 2018 was $3.412B, a 1.48% increase from 2017. Equifax annual revenue for 2017 was $3.362B, a 6.91% increase from 2016. It is estimated that their CEO Mark Begor made $20,013,712 in total compensation since being appointed in 2018. Of this total $1,009,615 was received as a salary, $806,833 was received as a bonus, $3,372,803 was received in stock options, $14,473,853 was awarded as stock and $350,608 came from other types of compensation.

logical-unit-738 (profile) says:

I think most (if not all) of the credit cards I have offer credit monitoring of some sort, so the offer of more credit monitoring is worthless. I’m guessing a lot of people have this option available and have just never used it. I’m pretty sure I was eligible for other monitoring offers from the Home Depot and Lucent breaches as well, but yeah again, I already have it.

I think the only problem I’ve had with data breaches was the LinkedIn one, and only because one of those "I saw you watching porn, send me bitcoin" scammers sent me an email with the old password demanding said bitcoin. Nice try.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...