Equifax Victims Jump Through Hoops To Nab Settlement Money They Won't Get Anyway

from the dysfunction-junction dept

So we've noted that the FTC's settlement over the Equifax hack that exposed the public data of 147 million Americans is a bit of a joke. The FTC originally promised that impacted users would be able to nab 10 years of free credit reporting or a $125 cash payout if users already subscribed to a credit reporting service. But it didn't take long for the government to backtrack, claiming it was surprised by the number of victims interested in modest compensation, while admitting the settlement failed to set aside enough money to pay even 248,000 of the hack's 147 million victims.

This week, the Equifax Settlement Administrator sent out an email doubling down on the dysfunction, demanding that users who applied for their $125 prove they already have credit monitoring services. Users are being told they need to prove they subscribe to such services by October 15, or they won't get the money. Worse perhaps, the notice reiterates that even if you can prove you subscribe to credit monitoring services, you probably won't get anywhere near $125 because the settlement failed to set aside enough money to fulfill even a fraction of its promise:

"This latest email again reminds users that even if you can prove you have credit reporting already, you still may not get the full $125 thanks to the limitations of the settlement. In response to what it’s calling “overwhelming” demand, the FTC also urges those who submitted a claim for $125 switch to the free credit reporting offer instead."

One problem is that "free credit monitoring" is largely a useless perk. Such services are routinely doled out for free every time there's a major hack or privacy breach, which drop at a rate of around once a week now. Usually these services are included as a settlement freebie to make the settlement itself seem more substantive than it actually is. But the other major problem is that the FTC and its settlement partners gave the impression that users would at least get $125 for their troubles, set aside a tiny fraction of the money they'd need, then acted shocked when users signed up.

Most of the legal experts I've talked to about this say it would have been fairly easy to strike a more productive, less chaotic settlement. Instead of free credit reporting, the settlement could have simply requested victims have their credit reporting temporarily frozen (until needed), something which costs nothing. And while it still may have been underwhelming, the settlement also could have promised individual users a cash payout they could have actually met. The general consensus remains that the settlement, as structured, teeters somewhere between negligence and incompetence:

"James Grimmelmann, a professor of law at Cornell Tech and Cornell Law School told Motherboard the FTC’s failure to predict the public’s interest teeters toward negligence. “Even a single-digit percentage claim rate for this one would have exhausted the $31 million 50 times over,” he says. “It was negligent on the part of the FTC not to expect that more victims would choose the cash payment in a case this prominent and this egregious, instead of the worthless credit monitoring.”

Users can still apply for up to $20,000 in compensation if they can clearly prove the hack directly contributed to concrete harm like identity theft, but by and large the settlement is the poster child for meaningless privacy wrist slaps. Outside of bad press coverage, there's absolutely nothing here that would deter Equifax from future lax security and privacy practices, and consumers get little to compensate them for what is one of the biggest data breaches in American history. The FTC's primary function appears to have been to act as a PR proxy for Equifax's reputation, primarily by pretending the company had been held accountable via a "record" fine, inflated to appear far more meaningful than it actually is.

Filed Under: class action, credit monitoring, ftc, settlement
Companies: equifax


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Glen, 10 Sep 2019 @ 12:34pm

    I just got that email. Talk about a load of horseshit. Wish there was something I could do about it.


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.