You can send a letter to the Courts and let them know why you do or don't think this is a sufficient and decent settlement.
Share it, let's get people writing in, because this lets Equifax keep really everything and in the end little real effect from their failure to take care of the information they were entrusted with.
If anyone is getting a mortgage or refinancing soon, ask your lender to 'drop' equifax without running your score with them - just take the score from the other two. Equifax is an unnecessary security and privacy risk.
They are a horrible company that needs to go out of business. Make their customers feel embarrassed to be doing business with them.
At the very least, government sponsored entities should not give them money. I have tried to ask both Queens Borough Public Library and Research Foundation City University of New York (RF CUNY) but nobody I talk to has any authority on this matter.
I tried this when signing up for a Chase credit card and they said that it was their policy to use Equifax. (I had a credit freeze in place with Equifax at the time.)
Post-breach, both TransUnion and Equifax now work with CreditKarma to let you view your score and whether or not your report is locked, and they both let you create an online account with them as well to view your score or easily lock/unlock your credit report whenever you need to. Experian refuses to work with CreditKarma and only lets you "freeze" and unfreeze your account in the legally required way, which requires filling out a big form and resubmitting your Name, address and SSN every time you do it. To create a similar online account with them to manage lock/unlock status and view your score they charge an absurd fee of $20/month.
The problem with boycotting Equifax is I also want to boycott Experian. And in the future, maybe TransUnion will have a major issue, who knows.
Is the bank going to be cool with me boycotting the 2 biggest of them, or even all 3? Obviously not, so let's not pretend that consumer choice is a real way out of this mess.
You assume they still don't get paid when a credit report is run without asking for that burro. I don't see any evidence that this is how the fee structure works.
I get benefits from my Equifax score and have made zero changes to my credit behavior, am aware of items on my credit report and am just as vulnerable to identity theft as all of you.
Its an objective acceptance of reality.
Typically I like to know which lenders check which score, so that I can strategically drop a hard inquiry on a particular reporting agency’s score, I use the multiple scores as a currency for maximum amounts of hard inquiries, as a hard inquiry temporarily lowers the score decreasing chances of approval or favorable lending terms. Once I hit two or three on Equifax, I will only apply with lenders that hit Transunion scores, etc. When the approvals go through my unutilized credit has increased so much that it has raised my scores more than the inquiries dropped them. When I actually go to apply for a mortgage I would be considered the most credit worthy borrower and save hundreds of thousands in interest payments.
Everyone needs to realize that the whole "fine" was just an inside deal. Who do you think provides credit monitoring services? That's right, credit bureaus. That's why the they're pushing everyone to take the "free credit monitoring", so they recover the loss from the fine.
If they were to pay all 140 million people $125, the sum would be $17b or so, which is an appropriate fine.
You're right, $17B (or more, or dissolving the company) would start to actually spark off some real change in attitudes towards infosec among executives, instead of just continuing the status quo with this non-enforcement action.
The strangest part of this ordeal was when that guy from the FTC was encouraging consumers to take the monitoring on Equifax's request.
They're not even pretending to be regulated anymore, they just come out and tell the government what to say.
Despite all this provable negligence and incompetence all laid out in writing for everyone to see they still suffered zero real consequences. This is going to keep happening over and over and over again until we decide it's unacceptable.
It's doubly painful, because the "free credit monitoring" on offer is provided by Equifax -- the exact company whose competence we don't trust anymore. The compensation for being affected by Equifax's security failure is a gratis security offering from that same company. For crying out loud, they could have at least paid Experian or TransUnion to do the monitoring: while they are just as shady, we don't have immediate evidence of their security incompetence.
It's like if you purchased a product that exploded, injuring you, but somehow the manufacturer was permitted to compensate you by giving you other products they manufacture. Why would you want those products? How do you know they won't also explode?
There has been a bit of pain aside from the flimsy monetary damages. To date Equifax had to manage numerous lawsuits from municipal, state and federal jurisdictions. They were investigated by FTC, SEC, Consumer Financial Protection Bureau, UK Financial Conduct Authority, UK Information Commissioner’s Office (privacy regulator) and the Office of the Privacy Commissioner of Canada. Equifax had to attend congressional hearings conducted by the House Financial Services Committee, the Senate Banking, Housing, and Urban Affairs Committee, the Senate Judiciary Subcommittee on Privacy, Technology, and the Law, the House Energy and Commerce Subcommittee on Digital Commerce & Consumer Protection and the Senate Commerce, Science, and Transportation Subcommittee on Communications. The outcome aside from monetary penalties also should factor substantial reputation damages, costs of increased regulation at both the state and federal levels, CEO Richard Smith retirement, issuance of a public apology and the IRS suspended its contract with Equifax. Further lawsuits, hearings and regulation will continue to tax Equifax.
It seems like companies only get the message when there’s jail time involved. None of the companies would freeze my credit since their web sites said some unspecified value couldn’t be verified for me, despite confirming my data was indeed lost. Pretty sure, like other regulations that include jail time, this wouldn’t have happened or their website to freeze my credit would have worked.
I agree. Until someone's ass is on the line, and I mean in terms of prison time and not merely their job, the rational thing to do for a shitty company that never cared for its customers is to continue with that approach.
Totally agree. Courts also need to be less hesitant to disband corporations that break laws or court orders. Too big to fail should go the way of the dodo.
Thank you... words matter... "unwitting victims" would be more like it. Or perhaps "American citizens". As your rhetorical question points out, we are not defined by what we buy.
I did not directly provide my personally identifying information to Equifax, yet they held (and continue to hold) it and disclosed it en masse through their organization's technical incompetence.
I did not "consume" anything from Equifax, and yet, that is the default word that every newspaper writer reaches for whenever they need to refer to a class of people affected by any economic activity.
"Consumer" implies passivity, and in my opinion, leads to a mass culture of learned helplessness and anxiety/depression by implying our only value is our position on the hedonic treadmill. Hyperbolic? Perhaps, but why not choose a different word?
In an ideal world, a white-hat would write a script that uses all of the hacked data to apply for the settlement on behalf of the hacked users so that the affected users don't have to individually work out how to hack Equifax's claims process.
I have credit monitoring but signed up for it from this settlement anyway. I doubt anyone will see anymore than a couple of bucks from this. It's a scam and they got away with it. That's what happens when your government cares more about corporate profits than people. None of the things here will do anything to change that short of pursuing your own case against them which will definitely cost more than $125, not to mention time and effort. The bad guys just won. As usual.
Equifax cannot afford to pay $125 to each member of the potential class. It's way above their revenue, let alone profit. So they would go bankrupt and whatever cash is on hand would be divvied up. The credit information would presumably be sold to the highest bidder.
How about the FTC instead agrees that identities cannot be stolen and puts companies on the hook for the money they lose by not verifying identity. You have an account with a bank and they give the money to a fraudster? Well, then they have to credit your account and go looking for the money. Someone opens a loan in your name? The company has to pay you for the time spent removing their garbage from the credit report and they have to go get the money back from the fraudster. Why not just remove the bite from identity theft?
This whole process is a joke. I went and dug up my claim number, entered it into the site to amend, and the site just dies and doesn't allow me to proceed any further. If they had my contact info to begin with, just cut me a check and skip the shenanigans.
I don't remember where I saw this, but I do remember reading that if you are going to object you cannot object to the settlement amount, just the settlement in general. And reasoning for the objection cannot be monetary.
To what? The Trump-controlled FTC? The castrated CFPB that now spends its time promoting a partnership with the most medieval red states called the "Financial Innovation Network" (https://www.consumerfinance.gov/about-us/newsroom/bureau-sta...)? Where do you think that's going to get you?
The title of this post (which, admittedly, was taken from the NYTimes) isn't really correct.
The terms of the settlement have been set. Equifax's financial outlay is fixed. All of the post settlement divvying up of the funds is being administered by the government bodies who negotiated the settlement, not Equifax.
Equifax's desires about how the money gets divvied up at this point are irrelevant.
The text from the Equifax Settlement Administrator
> Your Equifax Claim: You Must Act by October 15, 2019 or Your Claim for Alternative Compensation Will Be Denied. The amount you receive in connection with your alternative compensation claim may be significantly reduced depending on how many valid claims are ultimately submitted by other class members for this relief. Based on the number of potentially valid claims that have been submitted to date, payments of these benefits likely will be substantially lowered and will be distributed on a proportional basis if the settlement becomes final. Depending on the number of valid claims that are filed, the amount you receive for alternative compensation may be a small percentage of your initial claim.
That text was just them fear mongering. Even the FTC urged to opt for the credit monitoring instead through more fear inducing statements.
> You can still choose the cash option on the claim form, but you will be disappointed with the amount you receive and you won’t get the free credit monitoring.
Mostly agreed. My understanding is the divvying up is not a govt entity, and the judge still has to approve the settlement, which isn’t a foregone conclusion, so it’s not entirely true that Equifax is out of the woods. Also, the reputational damage hits them even if they’re not the proximate actor here.
I was a little confused by that. My best guess is that they're hoping that they can shuffle enough people off onto credit monitoring that the hundred million people getting a nickel apiece don't demand they re-open their settlement?
That seems unlikely. Perhaps they're hoping that some of their new credit monitoring customers will like it so much that they'll pay for the service after the term expires?
I chose the cash option because I have credit monitoring through 2025 from the OPM breach of my SF-86 (security clearance application information) years ago. This is so idiotic. The FTC did consumers no favors in negotiating such an absolutely pitiful settlement.
This is the sort of thing that millennials should focus our energy on. We may be politically polarized, but I think we can all agree that this is bullshit and needs to be fought.
Something I've wondered always wondered when reading through class actions: do multiple class actions suits over the same set of facts ever happen? Are they possible?
It seems technically possible: Class action settlement reached, somehow a huge portion of the impacted class opts out of the settlement (extremely unlikely, but possible). Opted out class members somehow organize a subsequent action.
Is the above possible? By opting out, you explicitly keep your own individual right to bring action against the defendant, but does it bar class action participation? There's a moral hazard argument that allowing this would create a perverse incentive on the part of the class legal representation to encourage class members to opt out of the settlement and organize subsequent actions.
Question not specifically related to the settlement:
Shouldn't this breach of nearly half of all Americans' social security numbers be the nail in the coffin of pretending SSNs are a secret that can be used to verify your identity?
tl;dr: For those who applied for the $125 payout option in the Equifax data breach settlement, you should've gotten an email requiring that you provide more information by October 15, or that your claim would be denied.
The information required is only a single input where you type the name of your credit monitoring service, and affirm you will continue to use it for at least 6 months.
Not a high bar to clear. Mint.com offers credit monitoring for free, as do a number of credit cards.
I received no such email and I signed up fairly quickly for the $125. I've checked my spam folder as well as everywhere else, they simply haven't sent me such an email.
[+] [-] ScoJoh|6 years ago|reply
You can send a letter to the Courts and let them know why you do or don't think this is a sufficient and decent settlement.
Share it, let's get people writing in, because this lets Equifax keep really everything and in the end little real effect from their failure to take care of the information they were entrusted with.
[+] [-] cwkoss|6 years ago|reply
They are a horrible company that needs to go out of business. Make their customers feel embarrassed to be doing business with them.
[+] [-] TheSoftwareGuy|6 years ago|reply
[+] [-] noodlesUK|6 years ago|reply
[+] [-] mcny|6 years ago|reply
[+] [-] dheera|6 years ago|reply
[+] [-] cactus2093|6 years ago|reply
The problem with boycotting Equifax is I also want to boycott Experian. And in the future, maybe TransUnion will have a major issue, who knows.
Is the bank going to be cool with me boycotting the 2 biggest of them, or even all 3? Obviously not, so let's not pretend that consumer choice is a real way out of this mess.
[+] [-] PretzelFisch|6 years ago|reply
[+] [-] mannanj|6 years ago|reply
[+] [-] wil421|6 years ago|reply
[+] [-] rolltiide|6 years ago|reply
Its an objective acceptance of reality.
Typically I like to know which lenders check which score, so that I can strategically drop a hard inquiry on a particular reporting agency’s score, I use the multiple scores as a currency for maximum amounts of hard inquiries, as a hard inquiry temporarily lowers the score decreasing chances of approval or favorable lending terms. Once I hit two or three on Equifax, I will only apply with lenders that hit Transunion scores, etc. When the approvals go through my unutilized credit has increased so much that it has raised my scores more than the inquiries dropped them. When I actually go to apply for a mortgage I would be considered the most credit worthy borrower and save hundreds of thousands in interest payments.
I really don’t care about this crusade.
[+] [-] exabrial|6 years ago|reply
If they were to pay all 140 million people $125, the sum would be $17b or so, which is an appropriate fine.
[+] [-] situational87|6 years ago|reply
The strangest part of this ordeal was when that guy from the FTC was encouraging consumers to take the monitoring on Equifax's request.
They're not even pretending to be regulated anymore, they just come out and tell the government what to say.
The senate report on this hack goes into lots of technical detail, savaging Equifax for their gross incompetence and negligence beat by beat: https://www.hsgac.senate.gov/imo/media/doc/FINAL%20Equifax%2...
Despite all this provable negligence and incompetence all laid out in writing for everyone to see they still suffered zero real consequences. This is going to keep happening over and over and over again until we decide it's unacceptable.
[+] [-] amalcon|6 years ago|reply
It's like if you purchased a product that exploded, injuring you, but somehow the manufacturer was permitted to compensate you by giving you other products they manufacture. Why would you want those products? How do you know they won't also explode?
[+] [-] raisedbyninjas|6 years ago|reply
[+] [-] gummydog|6 years ago|reply
[+] [-] argd678|6 years ago|reply
[+] [-] 99052882514569|6 years ago|reply
[+] [-] tathougies|6 years ago|reply
[+] [-] phyzome|6 years ago|reply
[+] [-] ipython|6 years ago|reply
I did not directly provide my personally identifying information to Equifax, yet they held (and continue to hold) it and disclosed it en masse through their organization's technical incompetence.
I did not "consume" anything from Equifax, and yet, that is the default word that every newspaper writer reaches for whenever they need to refer to a class of people affected by any economic activity.
"Consumer" implies passivity, and in my opinion, leads to a mass culture of learned helplessness and anxiety/depression by implying our only value is our position on the hedonic treadmill. Hyperbolic? Perhaps, but why not choose a different word?
[+] [-] entropea|6 years ago|reply
Yes.
https://hyperallergic.com/313435/an-illustrated-guide-to-guy...
[+] [-] msla|6 years ago|reply
Are you a child, a parent, a sibling, or a citizen?
Or are you all of those things depending on context?
I get what you're saying, but you chose a way of expressing it which invites immediate response.
[+] [-] rundmc|6 years ago|reply
[+] [-] mnm1|6 years ago|reply
[+] [-] projektfu|6 years ago|reply
How about the FTC instead agrees that identities cannot be stolen and puts companies on the hook for the money they lose by not verifying identity. You have an account with a bank and they give the money to a fraudster? Well, then they have to credit your account and go looking for the money. Someone opens a loan in your name? The company has to pay you for the time spent removing their garbage from the credit report and they have to go get the money back from the fraudster. Why not just remove the bite from identity theft?
[+] [-] auiya|6 years ago|reply
[+] [-] boopk|6 years ago|reply
[+] [-] ummonk|6 years ago|reply
[+] [-] Wheaties466|6 years ago|reply
[+] [-] koboll|6 years ago|reply
[+] [-] harryh|6 years ago|reply
The terms of the settlement have been set. Equifax's financial outlay is fixed. All of the post settlement divvying up of the funds is being administered by the government bodies who negotiated the settlement, not Equifax.
Equifax's desires about how the money gets divvied up at this point are irrelevant.
[+] [-] aloknnikhil|6 years ago|reply
The text from the Equifax Settlement Administrator
> Your Equifax Claim: You Must Act by October 15, 2019 or Your Claim for Alternative Compensation Will Be Denied. The amount you receive in connection with your alternative compensation claim may be significantly reduced depending on how many valid claims are ultimately submitted by other class members for this relief. Based on the number of potentially valid claims that have been submitted to date, payments of these benefits likely will be substantially lowered and will be distributed on a proportional basis if the settlement becomes final. Depending on the number of valid claims that are filed, the amount you receive for alternative compensation may be a small percentage of your initial claim.
That text was just them fear mongering. Even the FTC urged to opt for the credit monitoring instead through more fear inducing statements.
> You can still choose the cash option on the claim form, but you will be disappointed with the amount you receive and you won’t get the free credit monitoring.
> https://www.ftc.gov/enforcement/cases-proceedings/refunds/eq...
But, if this is how the whole process is "administered", then I guess you might as well not have any hopes of seeing the compensation.
EDIT: Corrected to identify the authority of the email correctly.
[+] [-] lvh|6 years ago|reply
[+] [-] jfengel|6 years ago|reply
That seems unlikely. Perhaps they're hoping that some of their new credit monitoring customers will like it so much that they'll pay for the service after the term expires?
[+] [-] ptyyy|6 years ago|reply
[+] [-] DATACOMMANDER|6 years ago|reply
[+] [-] tracer4201|6 years ago|reply
[+] [-] RachelF|6 years ago|reply
Their head of security, Susan Mauldin, had zero security or computer skills - she was a music teacher.
https://www.marketwatch.com/story/equifax-ceo-hired-a-music-...
[+] [-] ummonk|6 years ago|reply
On the other hand, this settlement shouldn't have been capped at such a ridiculously low amount.
[+] [-] the_watcher|6 years ago|reply
It seems technically possible: Class action settlement reached, somehow a huge portion of the impacted class opts out of the settlement (extremely unlikely, but possible). Opted out class members somehow organize a subsequent action.
Is the above possible? By opting out, you explicitly keep your own individual right to bring action against the defendant, but does it bar class action participation? There's a moral hazard argument that allowing this would create a perverse incentive on the part of the class legal representation to encourage class members to opt out of the settlement and organize subsequent actions.
[+] [-] zer0faith|6 years ago|reply
Honestly.. send these people to jail make an example out of them.. hopefully people will think twice.
[+] [-] CaliforniaKarl|6 years ago|reply
[+] [-] tlrobinson|6 years ago|reply
Shouldn't this breach of nearly half of all Americans' social security numbers be the nail in the coffin of pretending SSNs are a secret that can be used to verify your identity?
[+] [-] icedchai|6 years ago|reply
[+] [-] CaliforniaKarl|6 years ago|reply
The FTC confirms it's legit: https://www.ftc.gov/enforcement/cases-proceedings/refunds/eq... (FAQ 4 item 2)
The article's author says Gmail filed it into the 'Promotions' folder.
[+] [-] ewoodrich|6 years ago|reply
[+] [-] koboll|6 years ago|reply
Not a high bar to clear. Mint.com offers credit monitoring for free, as do a number of credit cards.
[+] [-] ulkesh|6 years ago|reply
[+] [-] HillaryBriss|6 years ago|reply
Yeah, but they have to contact people by email because they don't have anyone's physical home address.