The FTC's Settlement With Equifax Is Such A Joke, The FTC Is Now Begging You Not To Ask For A Cash Settlement
from the say-what-now dept
Last week there was a bit of news as the FTC released a proposed settlement between the FTC and Equifax over the data brokers’ massive security breach that came to light nearly two years ago. We had already noted that the FTC’s way of dealing with Equifax seemed particularly tone deaf, but it’s getting worse. Much worse. As you may have heard, part of the “settlement” with Equifax is that you could sign up to get $125 from the company (or possibly more). It was either that or free credit monitoring. But, come on: everyone already has so many “free credit monitoring” services from previous breaches that this is a totally meaningless offer. It also costs nothing for Equifax.
So, over the past week or so a ton of (helpful) news sites have been posting explainers on how to get your $125. Except… apparently too many people signed up and now the FTC is helping Equifax by telling people not to ask for money from the company any more. First, the FTC literally deleted that option from its website:
Equifax just removed the $125 claim payout option after millions submitted claims. Now it's offering credit monitoring. Don't worry, Equifax says, this is really a "much better value." https://t.co/DsBqg7oP1B pic.twitter.com/vLuFNXsENp
— Laura Sullivan (@LauraSullivaNPR) July 31, 2019
Then, it posted a blog post and a statement both of which encourage people not to ask for money — and arguing that the credit monitoring that no one needs is a “better deal.”
The public response to the settlement has been overwhelming, and we?re delighted that millions of people have visited ftc.gov/Equifax and gone on to the settlement website?s claims form.
But there?s a downside to this unexpected number of claims. First, though, the good: all 147 million people can ask for and get free credit monitoring. There?s also the option for people who certify that they already have credit monitoring to claim up to $125 instead. But the pot of money that pays for that part of the settlement is $31 million. A large number of claims for cash instead of credit monitoring means only one thing: each person who takes the money option will wind up only getting a small amount of money. Nowhere near the $125 they could have gotten if there hadn?t been such an enormous number of claims filed.
So, if you haven?t submitted your claim yet, think about opting for the free credit monitoring instead. Frankly, the free credit monitoring is worth a lot more ? the market value would be hundreds of dollars a year.
Of course, the proper response to this is for the FTC to recognize that a $31 million pot for settlements here was way too small. Remember, this is the same organization that was being criticized for “only” dinging Facebook for $5 billion for privacy violations that one could argue were significantly less egregious and damaging as Equifax’s breach. The fact that the FTC thinks its job here is now to act as PR shop for Equifax, rather than to maybe go back to the drawing board is pretty telling.
As law professor James Grimmelmann notes, the response to all of this (anger, hatred) certainly suggests that the court should not approve this settlement:
The overwhelming response seems like a good indication that the proposed settlement is not fair, reasonable, and adequate, and that the court should reject it. Objections are due by November 19, and there is a fairness hearing on December 19. https://t.co/sAAxvhnlaT https://t.co/gfpFIYuM6M
— James Grimmelmann (@grimmelm) July 31, 2019
This is pretty damning towards the FTC. If they built a settlement structure that only works if few of the people impacted claim it, then the settlement is objectively ridiculous. Either users who had their data leaked deserve $125 or they don’t. The entire structure of setting up a $31 million pool, such that if the people impacted actually claim their money they get less of it, is just mindbogglingly pointless.
Filed Under: breach, cash, credit monitoring, fines, ftc, privacy
Companies: equifax
Comments on “The FTC's Settlement With Equifax Is Such A Joke, The FTC Is Now Begging You Not To Ask For A Cash Settlement”
You could save Hundreds by signing up NOW
Since when is "Free" credit monitoring worth "Hundreds" of dollars? It’s like $7 a month from most places and I get it free with services I already have. $31 mil settlement is a joke.
Good thing the FTC is looking out for consumers!
Re: You could save Hundreds by signing up NOW
$7/month multiplied by either 60 or 120 months is a value of $420 or $840, which does qualify as "hundreds of dollars." If we wanted to be pedantic about it, we might calculate the net present value of those future payments, but even applying a 10% discount rate we still end up with $234 on the low end, which still qualifies as "hundreds of dollars."
I mean, the settlement is a joke, but the credit monitoring is technically worth what they’re claiming it’s worth.
Re: Re: You could save Hundreds by signing up NOW
"credit monitoring is technically worth what they’re claiming it’s worth"
Assuming the service is actually doing anything at all for you, then maybe. however, I do not see technical details outlining exactly how they protect you from the nefarious activities that they like to scare you with in their tv ads.
Re: Re: Re: You could save Hundreds by signing up NOW
no it’s not you ignorant asshole
Re: Re: You could save Hundreds by signing up NOW
The first subscription credit monitoring you sign up for is worth that. The second is absolutely worthless as is the third. As mentioned in the article, who in the US does not already have free credit monitoring from at least one of the major breaches that keep happening?
And how the hell is $125 adequate compensation for even the least of evils to come from such a breach? I hope the most affected people recuse themselves from this joke of a settlement and directly sue Equifax for a much more robust and appropriate sum.
Re: Re: Re: You could save Hundreds by signing up NOW
$125 is the amount you receive just by registering.
If the breach caused you any other harm, you can apply for a higher amount.
Re: Re: Re: You could save Hundreds by signing up NOW
our government fucking us, what a shock
Re: Re: You could save Hundreds by signing up NOW
That is technically true but I had assumed the free offer was only for one year so my mistake if the offer is good for 120 months.
Re: Re: You could save Hundreds by signing up NOW
"but the credit monitoring is technically worth what they’re claiming it’s worth"
No, it isn’t. They didn’t just say it’s worth hundreds of dollars. They specifically said "hundreds of dollars a year". It’s a complete lie.
Re: Re: Re: You could save Hundreds by signing up NOW
You are correct – the fine print says it’s worth hundreds per year. And it may last "as long as" four years whatever that means.
Re: Re: Re:2 You could save Hundreds by signing up NOW
The fine print points out that the credit monitoring from silk three major credit bureaus only lasts "up to four years" but the Equifax monitoring is for the full ten.
Re: Re: Re: You could save Hundreds by signing up NOW
Now I understand why they only had reserved $31 million for a (potentially) 100 million * $125 payout. Equifax must be incapable of doing even the simplest calculations.
Re: Re: You could save Hundreds by signing up NOW
It literally says "hundreds of dollars a year". So no, its not.
Re: You could save Hundreds by signing up NOW
I never authorize these idiots to have and house any information about me. They never had a right to be collecting it to begin with. And then they breach data about me and any terrorist or enemy can have access to it X 100 million people? These people should be swinging from yardarms.
Re: Re: You could save Hundreds by signing up NOW
thank your government, they let it go on. Now they’ve worked with equifax to fuck us. Shocker? Nope
'What do you mean the wrist slap was still too high for them?'
A security breach that was so large that if all those impacted demanded a whopping $125 out of a thirty-one million dollar pot there wouldn’t be enough, and rather than realize that this just demonstrates how pathetically low the fine was the FTC, the very agency that you would hope would be on the side of the public, goes to bat for the company to try to convince people to pick the non-cash option that you can be damn sure costs Equifax significantly less than $125…
Oh yeah, way to show just how concerned they are with protecting the public from malicious and/or indifference from the very companies they are supposedly meant to keep in check.
Re: 'What do you mean the wrist slap was still too high for them
And, remember folks, this is the agency that Ajit Pai thinks can regulate the ISP industry.
Democrats need to remember that the free market can work.
Republicans need to remember that the free market can’t work unless there is a government willing and able to create and maintain the conditions required for a viable free market:
participants have roughly equal power in the market,
participants have equal knowledge about the products on offer.
AND participants are aware of and resistant to psychological manipulations like the sunk-cost fallacy.
Re: Re: 'What do you mean the wrist slap was still too high for
Yes, exactly this. As I’ve been saying for years now, free market principles only work when conditions of freedom exist in the marketplace, and the most significant freedom is the freedom of a buyer to choose between meaningful competitors. Without that, the free market breaks down and you end up with a dysfunctional system better described by other models.
Re: Re: Re: 'What do you mean the wrist slap was still too high
Yes, although many business types look at it from a different pov. To them, the free market means they are free to do whatever they please and the market has to suck it up.
Re: Re: 'What do you mean the wrist slap was still too high for
I mean, if we’re gonna do the bothsiderism thing, I’d point out that Democratic economic policy has been pretty goddamn neoliberal since the Clinton Administration. Democrats don’t need to be reminded to privatize and deregulate; if anything, they could use a reminder to do that shit less than they’ve been doing it for the past 25+ years.
And how do you handle a market where the affected class is not the customer?
Ain’t nobody whose private information got leaked in the Equifax breach because they chose Equifax as their credit monitoring agency. This is a textbook case of an externality. Free markets have nothing to do with it. I’m not an Equifax customer; I can’t choose to take my business somewhere else.
Re: Re: Re: 'What do you mean the wrist slap was still too high
"I’m not an Equifax customer; I can’t choose to take my business somewhere else."
To use some of that yummy intellectual property logic …
They stole my personal information and gave it to hackers who defrauded several places of business, and now those businesses who are victims of fraud think they can demand money from me. How does that work? I suppose it only works on those who cannot defend themselves. Sweet – like shooting fish in a barrel.
Re: Re: 'What do you mean the wrist slap was still too high for
Uhh this is the FTC not FCC, idiot.
Re: Re: Re: 'What do you mean the wrist slap was still too high
You are not very good at reading, are ya? Go and re-read the first two sentences of the post to which you replied.
Re: 'What do you mean the wrist slap was still too high for them
In the same way people are letting google be spies in this world that is equifax with your data they were never authorize by the people who ARE THAT DATA to collect and store.
Re: Re: 'What do you mean the wrist slap was still too high for
Equifax should be getting 100 million dollar lawsuit after lawsuit until they just commit harikari.
Everyone should take the cash. If Equifax can’t afford to pay the bill, the FTC should shut it down. Simple as that.
Re: Re:
Or, like anyone else who can’t pay their bills, Equifax can declare bankruptcy. But don’t worry, the credit agencies will remove that bankruptcy from Equifax’s credit report after 7 years.
Re: Re: Re:
A fixed comparatively low sum for serving all debtors who happen to turn up sure sounds like a bankruptcy proceeding to me.
Basically, this is a declaration of bankruptcy, except for the disadvantages.
Re: Re:
That’s not going to shut them down. If everyone takes the cash under the current settlement, we’ll all get 21 cents each. There are no repercussions for Equifax or for the FTC that’s coddling them.
Re: Re:
It’s not that Equifax can’t afford to pay the bill; the price of the bill is already set at $31 million. More claims won’t increase that pot; it will reduce the share that each individual claimant gets.
But you’re right: everyone should still take the cash. Even if it winds up being pennies instead of $125. Make Equifax write that check and pay for a stamp to send it to you. It’s not just about getting recompense for the violation; it’s about making sure Equifax is forced to pay out the maximum.
And ideally, yes, the court should reject this offer and direct the FTC to renegotiate the deal so that it’s more than $31 million.
Re: Re: Re:
So Equifax should be sued for false advertising then. They said $125.
Re: Re:
If 100 million people sign up for the cash they won’t each get $125. The payout pool is $31mm and will be divided up evenly among all those who took the cash option, up to a max of $125 per person. With 147mm claimants (so far) the actual payout per person won’t be worth as much as the postage to mail them the check.
Re: Re:
FTC can’t shut down Equifax (or any other US corporation, for that matter).
The biggest reason is because Equifax is the primary supplier of information to the Internal Revenue Service, which rewarded Equifax with a contract extension mere months after the breach was reported.
When a US company has this type of cozy relationship with our government, there’s no such thing as "illegal".
Lets do some math...
31000000/125= 248,000
So they were only banking on a quarter of a million people wanting cash over having the company who screwed up watch their credit for them.
When doing math, please make sure your imagination is not included in your arithmetic. Even Trump couldn’t get 50% of the vote, how do you think you would?
Re: Lets do some math...
If I did the math correctly that is an assumption that approximately 0.17% of the affected people would choose the cash option. 248.000 payouts/147,000,000 people affected.
Re: Re: Lets do some math...
I’m only pointing this out because its even more absurd. You’re off by 2 decimal places. Its 0.0017%. A vanishingly small number. An absurd number. If 100% of the victims wanted cash, that is 21 cents each.
21 cents.
The pool should have been far far larger, anyone with basic math skills can see that whether they have your number or mine! Then there is the fact that this same pool is supposed to compensate those who had to take steps to recover their identity as well. "(2) up to $20,000 in other cash payments for time and money spent preventing or recovering from identity theft because of the data breach"
Out of the same $31 million dollar pool. Though we know of course that proving your Identity Theft was actually related to the Equifax breach is almost impossible so they never intended to cover those expenses anyways. The tiny pool just proves it.
Re: Re: Re: Lets do some math...
Anonymous Coward is correct, it is 0.17% or 0.0017 – not 0.0017%. 1.0 = 100%
Re: Re: Re: Lets do some math...
The $31 Million dollar pool is only for the $125 payout, substantiated claims come from a different pool.
Re: Lets do some math...
Trump and Hillary both got ~26% of available votes. That is, they both got about 50% of the popular vote, but which was only about 40% of eligible voters.
So while it’s true that Trump couldn’t get 50% of the vote, nobody (including Hiillary) did either. Both of them, with the entire establishment media behind them could barely manage a quarter.
What legitimacy does any POTUS have with barely a quarter of eligible voters? I would argue that that is 75% of the country not supporting them. And now apply this to past and future POTUSes.
Re: Re: Lets do some math...
You’re off by a few points.
Clinton got 48.2% of the popular vote, Trump got 46.1%, and turnout was 60.2% of eligible voters. That puts Clinton around 29% of eligible voters and Trump at about 28%. For the overall population (including people not eligible to vote), they’re closer to 20% and 19%, respectively.
Re: Re: Re: Lets do some math...
What is really depressing is that 60.2% turnout number was high compared to many prior years. Not sure how any politician can say with straight face that they have received a mandate when so many eligible voters decide to not vote or are not allowed to vote. When they say The People Have Spoken, they are not talking about those who did not vote. Perhaps there should be a choice called None Of the Above.
Re: Re: Re:2 Lets do some math...
Or, mad idea, give something better than Dumb and Dumber to vote for. The two-party system is profoundly undemocratic. Better to have proportional representation so people can vote for the people they want, not the least worst choice between two dysfunctional parties.
how many already have free monitoring?
After all, it’s not like it’s the first time……
Many undoubtedly already have free credit monitoring from previous leaks
Re: So?
If the roof is leaking, signing up for a single bucket will not get you far.
Re: Re: So?
They offer a bucket when a new roof is needed.
Re: Re: So?
So it’s better to have multiple buckets stacked under every hole, just in case, eh?
Pool's for fines STINK
In the future NO POOL to draw upon make it a per person fine: in this case, fine is $125 per person for ALL WHO WERE EFFECTED. 147,000,000 * $125 = $18.375 Billion
Re: mbie Hunter ZOMBIES are coming out again! SIX ODD ONES today.
cynoclast: 8 (<3), 2 year gap; May 26th, 2016 https://www.techdirt.com/user/cynoclast
TWO, ONE FOURTH, of its comments in three years on this page which has little interest and no real controversy!
d blevins or dblevins or dave blevins: 108 (8), 27 month gap after first (both one-liners), OLDEST KNOWN account: 3 Sep 2004 https://www.techdirt.com/user/dblevins
Even less interested of late, to 2015 first page, so down to 5 a year.
2nd:
Crazy Hong Kong Monkey: 14 (2), 3 year gap after 1st; Jul 12th, 2012 https://www.techdirt.com/user/crazyhongkongmonkey
Federico: 37 (12), 2 year gap after first, 2 Sep 2016 https://www.techdirt.com/user/nemo_bis
With 37 comments in almost exactly 3 years is now so engaged that used "First Word".
3rd (note 3 and 4 both date from 2009!):
Paul Alan Levy: 132 (13), down to 2 a year; 17 Nov 2009 https://www.techdirt.com/user/paulalanlevy
4th (included because ten years old yet mostly bland Techdirt-orthodox one-liners, never into controversy):
Ed: 269 (27 actually increasing this year), 2 Jun 2009 https://www.techdirt.com/user/fuzi719
Re: Re: so many voices in your head.
And some people still say you don’t have paranoid schizophrenia.
Re: Re: Re: so many voices in your head.
Who could possibly say that with a straight face?
much the same sort of thing that happens in the USA with any company. regardless of whether it’s a government body involved or not, nothing that is too debilitating is ever the sentence. if it was a member of the public involved, however, all hell would be let loose! the DoJ would be all over him/her like a rash demanding millions of dollars in compensation as well as locking the poor fucker up for 10 lifetimes!!
Re: Re:
This all started way back in the 1800’s when companies could incorporate and have limited liability.
Re: Re: Re:
Back then they had a limited lifespan of 50 years max. Now they are immortal people
I bet all the people who signed up are also going to start getting a ton of spam offering Equifax’s services.
It is even worse than that. See the screenshot below:
https://imgur.com/a/TIXHNzE
You can’t even select the cash option without already having a credit monitoring service.
Ftc is now ultra light touch regulation,
the fine is so small it sends a message , big companys do not worry
about customer security , its cheaper to pay a fine if you get hacked .
Theres no need to spend money on real security of user files ,
equifax is a worse case because you do not get a choice ,they get your data when you take out a loan . , at least with facebook you have to sign up ,make an account
and give them your information.
Re: Re:
The whole banking industry needs to be defeated. Amorticization is so corrupt. Nobody should ever have agreed to allow themselves to be hornswoggled by those canivers.
I'd happily forgo the $125 payment in lieu of...
Them agreeing to actual costs, up to a huge limit (say, $1mm / person) for cleaning up their mess. No time limit, either. If a bad actor sits on my data for a decade, then abuses it, the hypothetical coverage should still apply.
Disputes about proof to be resolved to the satisfaction of a court, not by the Equifax lawyers or their cheerleaders at the FTC.
147M x 125USD = $18,375,000,000.00
The settlement pool should be 18,375,000,000.00 USD, because that’s how math works. If that puts Equifax out of business, then so be it.
Re: ZOMBIES are coming out again! SIX ODD ONES today.
I’ll just put all on each of the ODD comments so the hypothetical new and reasonable reader can SEE isn’t just isolated incident:
cynoclast: 8 (<3), 2 year gap; May 26th, 2016 https://www.techdirt.com/user/cynoclast
TWO, ONE FOURTH, of its comments in three years on this page which has little interest and no real controversy!
d blevins or dblevins or dave blevins: 108 (8), 27 month gap after first (both one-liners), OLDEST KNOWN account: 3 Sep 2004 https://www.techdirt.com/user/dblevins
Even less interested of late, to 2015 first page, so down to 5 a year.
2nd:
Crazy Hong Kong Monkey: 14 (2), 3 year gap after 1st; Jul 12th, 2012 https://www.techdirt.com/user/crazyhongkongmonkey
Federico: 37 (12), 2 year gap after first, 2 Sep 2016 https://www.techdirt.com/user/nemo_bis
With 37 comments in almost exactly 3 years is now so engaged that used "First Word".
3rd (note 3 and 4 both date from 2009!):
Paul Alan Levy: 132 (13), down to 2 a year; 17 Nov 2009 https://www.techdirt.com/user/paulalanlevy
4th (included because ten years old yet mostly bland Techdirt-orthodox one-liners, never into controversy):
Ed: 269 (27 actually increasing this year), 2 Jun 2009 https://www.techdirt.com/user/fuzi719
Re: Re: Blues balls are falling off
“hypothetical new and reasonable reader“
Sorry it’s just us 27 Bangladeshis.
Re: 147M x 125USD = $18,375,000,000.00
$$18billion should put the democrats out of business.
Which has pretty much been my opinion of class action suits for a while now. They exist to penalize a wrongful party, but not to offer remuneration to those who were wronged.
Re: Re:
Course, this one fails on both counts, as it’s really not much of a penalty.
Shouldn’t there be an option for monitoring Equifax? I, mean, all things considered…..
Is Equifax considered to be a state actor?
lol
FTC. Favor the corporations, fuck the country.
Hosed
After seeing the agreement worked out with the FTC, I felt shafted…AGAIN. The FTC should be sued for agreeing to such a shitty settlement.
Re: Hosed
Well, that’s what to expect when hiring a fox to guard the hen house. Or a telcom lobbyist for regulating the telcom industry on behalf of consumers.
It came as a shock to the industry when nevertheless Tom Wheeler actually took guarding the hen house seriously. So naturally the Trump administration had to look for a candidate who was so obviously and openly corrupt that this mishap would definitely not repeat.
And with Ajit Pai, they found him.
Re: Re: Hosed
That is the FCC not the FTC
Please keep these numbers in mind: Equifax annual revenue for 2018 was $3.412B, a 1.48% increase from 2017. Equifax annual revenue for 2017 was $3.362B, a 6.91% increase from 2016. It is estimated that their CEO Mark Begor made $20,013,712 in total compensation since being appointed in 2018. Of this total $1,009,615 was received as a salary, $806,833 was received as a bonus, $3,372,803 was received in stock options, $14,473,853 was awarded as stock and $350,608 came from other types of compensation.
I think most (if not all) of the credit cards I have offer credit monitoring of some sort, so the offer of more credit monitoring is worthless. I’m guessing a lot of people have this option available and have just never used it. I’m pretty sure I was eligible for other monitoring offers from the Home Depot and Lucent breaches as well, but yeah again, I already have it.
I think the only problem I’ve had with data breaches was the LinkedIn one, and only because one of those "I saw you watching porn, send me bitcoin" scammers sent me an email with the old password demanding said bitcoin. Nice try.
Judges, again
The judge should not have agreed to this.
Once again, the judicial branch has failed to perform its job.
Re: Judges, again
The judge hasn’t agreed to it yet. As noted in the article.
Re: Re: Judges, again
Assuming a judge rightly points out how absurd the amount is given the number of people impacted and the severity of the breach, will it basically be like a higher court telling a lower court ‘try again’, with the FTC having to come up with a new settlement amount(ideally one that’s actually proportional)?
Re: Re: Judges, again
When the judge’s mule dies, everyone goes to the funeral; when the judge himself dies, no one does.
Bdtter solution
Increase pool in proportion to respondants. 1 billion should work
Re: Good idea, but not nearly a high enough number
Even a billion would be woefully short actually, as several others have pointed out for all those impacted to get their $125 the fine would have to be raised to a hefty $18.375 billion.