Two years after arguably the worst data breach in US history, the Federal Trade Commission has proposed an Equifax settlement to provide some restitution for the 148 million affected Americans. Unfortunately, it may not help you much.
The Devil’s in the Details
First of all, note that the settlement is still just a proposal. It must be ratified by a court before it’s finalized. So all of these details may change.
Second, even though “up to” $425 million has been set aside, there were 148 million victims. While one of your options is a cash payment of $125, it’s quite obvious that this math doesn’t add up. At this point it’s not clear if that means the cash payouts will be reduced proportionately if too many people apply or if somehow Equifax will have to pony up more money.
Also, to claim that $125, you have to certify that you already have credit monitoring and will have it for another 6 months at least. It’s not clear if they will require proof for this or not. Basically, the “solution” here is to provide a lot of credit monitoring services for free for many years – but if you already have that, then you can ask for cash instead.
If you actually suffered financial losses due to this breach, you can claim further money to help offset your time, expenses and damages. However, it would be very difficult to prove that any identity theft incident was directly attributable to the Equifax breach (given all the other breaches that have occurred). So again, it’s not clear what evidence you may have to produce to get this extra cash.
But assuming you can prove damages, you could be reimbursed up to $20,000 (per person) and may qualify for “free assisted identity restoration services”.
Submitting Your Claim
Even though the settlement still needs to be approved, you can submit your claim now for the Equifax settlement. (And if you don’t submit a claim, you won’t get anything.) You can go to www.equifaxbreachsettlement.com to register your claim(s) and sign up to be contacted when the settlement is finalized. This site will also tell you if you were affected by this breach, if you’re unsure.
Proactive vs Reactive
Unfortunately, credit monitoring will do nothing to prevent identity theft. It’s an automated system that helps to detect suspicious credit-related activity after the fact. That is, it’s a reactive response.
Note that this only prevents new credit from being issued in your name (new credit cards, loans, etc). It will not prevent someone from using your identity info to access existing stuff.
Also, it will even prevent you from accessing your credit. If you need to get a new credit card or new loan, you will need to find out what credit bureau they use and thaw your credit report temporarily. Sometimes your credit report is used when setting up utilities or applying for a job, too.
It’s a pain in the butt… but it’s really the best option we have right now.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!