The Federal Trade Commission (FTC) on June 22nd announced the outcome of a settlement with Equifax, one of the three major credit monitoring firms in the United States.
The settlement requires Equifax to pay somewhere between $500 and $700 million in restitution for a 2017 data breach that affected about 147 million people across the United States, according to Jacqueline Connor, a privacy attorney with the FTC. The amount of the settlement is the highest in U.S. history for a data breach and the number of people impacted represents almost half the United States’ population. That’s nearly every adult in the country who has credit.
In California alone, Hackers were able to access and expose the personal information of about 15 million people.
“Our credit status impacts nearly every aspect of our lives – from purchasing a home or a car to finding a job,” said California Attorney General Xavier Becerra. “The same Americans who had to immediately protect themselves from fraudsters or identify thieves will have to be vigilant for the rest of their lives. We encourage every eligible person to apply for the relief they are entitled to as part of our settlement.”
About $300 million of the settlement amount will go to making payments to Americans affected by the breach. Equifax will pay another $275 million in fines to close the investigation by the Consumer Financial Protection Bureau and to end legal action by states who filed lawsuits against the company.
The hackers, who have not yet been identified, penetrated Equifax’s data files and were able to steal social security numbers, credit card numbers, addresses and other personal data. The breach affected all 50 states, the District of Columbia and U.S. territories.
To compensate victims, Equifax has set up a website (EquifaxBreachSettlement. com) where you can first check to see if you were affected by the breach. Then, you can apply for a check payment of “up to” $125, or you can choose free credit monitoring with all three major credit bureaus for up to four years, a value of a little over $950. When that period is over, you can choose to opt in for free credit monitoring by Equifax for another six years.
Because “millions of people” affected have filed claims for the $125 payment option since the settlement announcement, the FTC, which is responsible for consumer protection across the country, says applying for a cash payment is not the best way to go. So, as an alternative, Equifax is primarily now offering free credit monitoring to its customers affected by the data breach. If you’re already signed up for a free credit monitoring service and intend to keep it for the next six months, then you can apply for the $125 payment.
“The pot of money that pays for that part of the settlement is $31 million,” the FTC said in a statement. “A large number of claims for cash instead of credit monitoring means only one thing: Each person who takes the money option will wind up only getting a small amount of money. Nowhere near the $125 they could have gotten if there hadn’t been such an enormous number of claims filed.”
For Equifax to have paid out the full $125 to each person affected, a number of no more than 248,000 people would have needed to apply. If all 147 million people end up filing a claim, individual payouts would shrivel down to around .22 cents per person.
The cost for Equifax’s credit monitoring service is $19.99 a month, according to the company’s website. If every victim of the breach signs up, it could cost Equifax up to $2 billion to cover the costs.
Victims of identity theft or other fraud resulting directly from the breach who have documentation to back up their claim, will receive compensation of $25 an hour (for up to 20 hours) of the time they took to resolve the problem. They will be eligible for up to another 10 hours of $25-an-hour payments for the time they took to research or purchase protection services, including freezing their credit, after the fraud happened.
Those who incurred legal expenses or spent money on credit monitoring, notaries and other approved fines as a result of the hack, are eligible for up to $20,000 per person in reimbursements. They will also be required to show proof that their claims are valid.
The deadline to file all claims is Jan. 22, 2020.