Equifax Victims Jump Through Hoops To Nab Settlement Money They Won't Get Anyway

from the dysfunction-junction dept

So we've noted that the FTC's settlement over the Equifax hack that exposed the public data of 147 million Americans is a bit of a joke. The FTC originally promised that impacted users would be able to nab 10 years of free credit reporting or a $125 cash payout if users already subscribed to a credit reporting service. But it didn't take long for the government to backtrack, claiming it was surprised by the number of victims interested in modest compensation, while admitting the settlement failed to set aside enough money to pay even 248,000 of the hack's 147 million victims.

This week, the Equifax Settlement Administrator sent out an email doubling down on the dysfunction, demanding that users who applied for their $125 prove they already have credit monitoring services. Users are being told they need to prove they subscribe to such services by October 15, or they won't get the money. Worse perhaps, the notice reiterates that even if you can prove you subscribe to credit monitoring services, you probably won't get anywhere near $125 because the settlement failed to set aside enough money to fulfill even a fraction of its promise:

"This latest email again reminds users that even if you can prove you have credit reporting already, you still may not get the full $125 thanks to the limitations of the settlement. In response to what it’s calling “overwhelming” demand, the FTC also urges those who submitted a claim for $125 switch to the free credit reporting offer instead."

One problem is that "free credit monitoring" is largely a useless perk. Such services are routinely doled out for free every time there's a major hack or privacy breach, which drop at a rate of around once a week now. Usually these services are included as a settlement freebie to make the settlement itself seem more substantive than it actually is. But the other major problem is that the FTC and its settlement partners gave the impression that users would at least get $125 for their troubles, set aside a tiny fraction of the money they'd need, then acted shocked when users signed up.

Most of the legal experts I've talked to about this say it would have been fairly easy to strike a more productive, less chaotic settlement. Instead of free credit reporting, the settlement could have simply requested victims have their credit reporting temporarily frozen (until needed), something which costs nothing. And while it still may have been underwhelming, the settlement also could have promised individual users a cash payout they could have actually met. The general consensus remains that the settlement, as structured, teeters somewhere between negligence and incompetence:

"James Grimmelmann, a professor of law at Cornell Tech and Cornell Law School told Motherboard the FTC’s failure to predict the public’s interest teeters toward negligence. “Even a single-digit percentage claim rate for this one would have exhausted the $31 million 50 times over,” he says. “It was negligent on the part of the FTC not to expect that more victims would choose the cash payment in a case this prominent and this egregious, instead of the worthless credit monitoring.”

Users can still apply for up to $20,000 in compensation if they can clearly prove the hack directly contributed to concrete harm like identity theft, but by and large the settlement is the poster child for meaningless privacy wrist slaps. Outside of bad press coverage, there's absolutely nothing here that would deter Equifax from future lax security and privacy practices, and consumers get little to compensate them for what is one of the biggest data breaches in American history. The FTC's primary function appears to have been to act as a PR proxy for Equifax's reputation, primarily by pretending the company had been held accountable via a "record" fine, inflated to appear far more meaningful than it actually is.

Filed Under: class action, credit monitoring, ftc, settlement
Companies: equifax


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Anonymous Anonymous Coward (profile), 10 Sep 2019 @ 12:26pm

    ROI

    Even with this shoddy, undervalued settlement, wouldn't it be cheaper to secure their network, rather than undergo the embarrassment (and all the PR costs related to that) and eventual payout when they get hacked.

    Given yesterday's article on Cyber-Insurance, how much of this settlement was controlled by their insurance company, rather than themselves?

    reply to this | link to this | view in thread ]

  2. identicon
    Glen, 10 Sep 2019 @ 12:34pm

    I just got that email. Talk about a load of horseshit. Wish there was something I could do about it.

    reply to this | link to this | view in thread ]

  3. icon
    Thad (profile), 10 Sep 2019 @ 12:38pm

    Re: ROI

    I agree with the general sentiment, but I don't think Equifax has really had to endure much in the way of PR costs.

    Equifax's customers are not the people it harmed. Its stature as a major credit reporting agency has not changed. This is an externality.

    reply to this | link to this | view in thread ]

  4. icon
    Anonymous Anonymous Coward (profile), 10 Sep 2019 @ 12:48pm

    Re: Re: ROI

    I wonder how much information of those buying credit reports on individuals is kept in their database? I wonder how much of that information was exposed, but not reported? If I was buying credit reports from a company with such lousy network security, and was providing sensitive information to them, I would be very concerned.

    By the same token, I wouldn't necessarily suspect that any of the other credit reporting agencies had any better security, and since the FTC let this one off so easily, we shouldn't expect any improvement any time soon. For any of them.

    Now the problem is, which credit reporting agency is the least riskiest?

    reply to this | link to this | view in thread ]

  5. icon
    aerinai (profile), 10 Sep 2019 @ 12:57pm

    Is CCPA required for Equifax?

    Can I have Equifax remove my personal information from their system under CCPA? I mean, TransUnion and Experian can easily pick up the slack. I get that I'd have extra hoops to jump through if I did that, but heck... it'd almost be worth a sustained effort for people to request that they not use their information. Not much of a business if you don't have users!

    reply to this | link to this | view in thread ]

  6. icon
    Anonymous Anonymous Coward (profile), 10 Sep 2019 @ 1:10pm

    Re: Is CCPA required for Equifax?

    "Can I have Equifax remove my personal information from their system under CCPA?"

    Probably not. Now I don't know much about CCPA, but Wikipedia says"

    "Intentions of the Act. The intentions of the Act are to provide California residents with the right to: Know what personal data is being collected about them.; Know whether their personal data is sold or disclosed and to whom."

    Besides, none of us ever signed up with any of the credit reporting agencies, but they have files on us anyway. All of the information they have is from other sources, and it is likely that we never gave any of them permission to create files on us, yet there they are.

    The CCPA seems to require them to tell us what they have, that is if you are a California resident, and possibly make corrections. It would be interesting if they actually started to inform us of each and every request made each and every time a request is made. That might raise the cost of making a request to the point where the requester's might think twice about requesting.

    reply to this | link to this | view in thread ]

  7. identicon
    Anonymous Coward, 10 Sep 2019 @ 1:12pm

    Re: Re: Re: ROI

    Well, at least TransUnion has an agreement with CreditKarma that results in the potential for free credit monitoring on ALL their credit data.

    This also means that it's probably even easier to steal that data from them, however. I see no evidence of 2FA being required to access data, and they don't have an annual privacy report.

    reply to this | link to this | view in thread ]

  8. identicon
    Anonymous Coward, 10 Sep 2019 @ 1:16pm

    Re:

    There are two things you can do:

    1. Jump through the hoops. Doing so will cost Equifax twice the penalty, as the cost of creating and mailing you your check will be just as high as the amount you get.

    2. Send a letter/fax to the FTC AND your federal representatives explaining how this personally impacts you and how it impacts your confidence in the office of the FTC AND your federal representatives who have not held the FTC nor Equifax responsible for this.

    reply to this | link to this | view in thread ]

  9. identicon
    David, 10 Sep 2019 @ 1:32pm

    I propose we pay the FTC personnel $100k yearly or a rectal exam

    Of course they are eligible for a paycheck only if they can present ocular proof that they have already been anally probed. And we set aside $1mil for all the agency's paychecks just to be on the safe side.

    reply to this | link to this | view in thread ]

  10. identicon
    Anonymous Coward, 10 Sep 2019 @ 1:33pm

    You seem to be suggesting that the government is in bed with corporations. That's just crazy.

    reply to this | link to this | view in thread ]

  11. identicon
    Anonymous Coward, 10 Sep 2019 @ 2:20pm

    Re: Re: Is CCPA required for Equifax?

    Governments are complicit in these data breaches when they send personal information to, and receive it from, the credit rating agencies. For example, if you sign up with the local electric company and they check your credit, or if it's used for security checks.

    All of the information they have is from other sources, and it is likely that we never gave any of them permission to create files on us

    It's almost certainly in the fine print somewhere. Forbidding this coerced "consent", and having government agencies cut ties, could do a lot to limit the power and harm of these credit bureaus. If politicians wanted to.

    reply to this | link to this | view in thread ]

  12. icon
    Thad (profile), 10 Sep 2019 @ 2:38pm

    Re: Re: Re: ROI

    I think that's an excellent way of putting it.

    reply to this | link to this | view in thread ]

  13. identicon
    David, 10 Sep 2019 @ 3:22pm

    Re:

    The government would not be in bed with corporations: they are fighters of the pen. Or the sty. I don't remember which of those words applied to the British and which to the Americans.

    reply to this | link to this | view in thread ]

  14. icon
    ECA (profile), 10 Sep 2019 @ 3:23pm

    $18,375,000,000

    $31,000,000 for the 147,000,000 Affected...
    Anyone want $4.74..

    wonder WHO is doing the math, because this is about 3rd-4th grade..

    reply to this | link to this | view in thread ]

  15. icon
    ECA (profile), 10 Sep 2019 @ 3:27pm

    Re:

    REALLY??!!!

    rally, really really?
    Thankyou for the joke..Next time just get another job.

    reply to this | link to this | view in thread ]

  16. identicon
    Anonymous Coward, 10 Sep 2019 @ 3:32pm

    Re: of course they're not in bed together!

    ... they use a pair of sleeping bags zipped together.

    reply to this | link to this | view in thread ]

  17. icon
    ECA (profile), 10 Sep 2019 @ 6:56pm

    ??

    Corporate socialism..
    They get our money All the time to pay for Their mistakes..

    reply to this | link to this | view in thread ]

  18. identicon
    Anonymous Coward, 10 Sep 2019 @ 7:28pm

    At the time news of this hack broke, Equifax had purchased Veda, an Australian credit monitoring company. The hack news filled me with confidence that my personal details would be appropriately safeguarded.

    And there's nothing you can do about it. If you refuse to submit to a credit check (and in doing so, consent to your details being sent to Equifax), you can't get a home loan or credit card. Even if you never take out a loan, there's a good chance there's a credit profile on you anyway, just waiting to be leaked.

    reply to this | link to this | view in thread ]

  19. identicon
    Anonymous Coward, 10 Sep 2019 @ 8:44pm

    Section 230 couldn't protect newspapers from Craigslist.

    reply to this | link to this | view in thread ]

  20. icon
    Coyne Tibbets (profile), 10 Sep 2019 @ 11:28pm

    Equifax would rather spend it on the lawyers

    People might get more of that $125 settlement, if Equifax wasn't spending $124.98 of it on a lawyer to see whether or not the claimant is really eligible.

    But that's often the way that these awards go. Companies would rather give the money to the lawyers than to capitulate and give any of the money to people they wronged..

    Odd that the lawyers don't complain.

    reply to this | link to this | view in thread ]

  21. identicon
    Annonymouse, 11 Sep 2019 @ 4:31am

    Re:

    Uhm you got the numerator and denominator backwards.
    Each person affected gets 21cents
    Even with bulk mailing discounts the letter and check costs more.

    reply to this | link to this | view in thread ]

  22. identicon
    David, 11 Sep 2019 @ 5:13am

    Re: Re: of course they're not in bed together!

    What does "together" even mean for conjoined twins sharing a brain?

    reply to this | link to this | view in thread ]

  23. icon
    ECA (profile), 11 Sep 2019 @ 11:04am

    Re: Re:

    ya got me...
    Still wondering Who is doing the math..
    Or..
    Is the $32million the Fine, and we get what comes after...
    And Eq. messed it up BIG TIME..

    Who can trust a Credit agency, if they cant do the math??

    reply to this | link to this | view in thread ]

  24. icon
    ECA (profile), 11 Sep 2019 @ 11:05am

    Re: Re: Re: of course they're not in bed together!

    A head ache??

    reply to this | link to this | view in thread ]

  25. identicon
    Anonymous Coward, 11 Sep 2019 @ 4:28pm

    Perhaps its time for those people to tell the settlement oficials to go fuck themselves and sue individually directly. A few hundred thousand lawsuits ought to stop this very clear fuckery.

    reply to this | link to this | view in thread ]

  26. identicon
    Smartassicus the Roman, 11 Sep 2019 @ 4:49pm

    Imagine That

    I'm one of those that's affected and, knowing lawyers and knowing Equifuxyouover, I opted out of the settlement and will be suing them for about 1/2Mil and I'll settle for 125K.

    reply to this | link to this | view in thread ]

  27. icon
    John85851 (profile), 12 Sep 2019 @ 10:51am

    Re: Re:

    "Send a letter/fax to the FTC AND your federal representatives explaining how this personally impacts you and how it impacts your confidence in the office of the FTC AND your federal representatives who have not held the FTC nor Equifax responsible for this."

    Not to sound cynical... okay, to sound cynical... but what good will this do? You're one person and collectively, maybe we're 1,000 or 10,000 people.
    Our voices don't come close to matching the millions of lobbying dollars that companies like Equifax throw at the government.

    Now, if someone in the FTC or Congress had their identity stolen by one of these data breaches and were personally affected, then it would become an issue.

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.