Billshark has the latest information on the government’s settlement with Equifax last week, plus how to determine whether you’re eligible to collect a piece of it.
Nearly two years ago, Equifax failed to prevent a data breach that allowed hackers to steal the personal information of nearly 150 million Americans.
The breach included birth dates, Social Security numbers, and addresses, driver’s license numbers, and credit card numbers, along with 3,200 passport images. What this means is that anyone with this information can use it to buy a car or house, file for your tax refund, file for Social Security benefits . . . pretty much anything they want.
Equifax is one of the three leading credit reporting bureaus (TransUnion and Experian are the others) that monitor every financial move you make and—for a fee—report your credit history to any potential creditor who asks about it.
This was the third major hack of Equifax in less than two years. It took the company three months to disclose the theft. And three of its top executives sold large blocks of its stock days after Equifax discovered the breach, but before it was revealed to the public. In addition, Equifax admitted it was aware of the security flaw for a full two months before it took action to plug the hole, thus allowing hackers access.
Last week, Equifax agreed to pay the U.S. Consumer Financial Protection Bureau (CFPB) up to $700 million to settle investigations into the data breach by 48 states, Washington, D.C., and Puerto Rico, and to cover civil penalties. Between $300 million and $425 million of that is earmarked to compensate consumers affected by the breach.
This is the largest ever settlement connected to a data breach, according to the Federal Trade Commission (FTC), which coordinated the settlement with the CFPB and various state’s attorneys general. The breach was one of also the largest ever to affect private citizens’ data.
“Companies that profit from personal information have an extra responsibility to protect and secure that data,” FTC Chairman Joe Simons said in a statement. “Equifax failed to take basic steps that may have prevented the breach.”
In addition to the financial penalties, the settlement requires Equifax to annually update its information security protocols, annually assess security risks, and submit to 20 years of third-party regular security assessments.
Affected consumers can get at least four years of free credit monitoring of their credit report at all three major credit bureaus, plus an additional six years of free credit monitoring of their Equifax credit report. Minors are eligible for even more free credit monitoring.
Those who decide to opt out of the free credit monitoring can receive a cash payment of $125.
Consumers may also be eligible for reimbursement and cash payments of up to $20,000 for:
- time spent protecting their identity or recovering from identity theft (up to 20 hours at $25 per hour);
- money spent protecting their identity or recovering from identity theft, like the cost of freezing or unfreezing their credit report or disputing unauthorized charges to their accounts; and,
- up to 25 percent of the cost of Equifax credit monitoring or identity protection products they bought between September 7, 2016 and September 7, 2017.
Finally, affected consumers are eligible for free identity restoration services for at least seven years if someone steals their identity or they experience fraud.
How this affects you
Because the amount allocated for reimbursement is limited, those who file later may not receive the full $125 promised if the fund runs out of money.
In addition, if you were impacted by the breach you do nothing, you will automatically waive your right to sue Equifax in the future. Remember, just because you haven’t been the victim of identity theft yet, this information is permanently “out there” and you may be impacted in the future.
Finally, by filing a claim, you also will lose your right to take future legal action, because you will have “settled” your claim. To avoid this, you must opt-out of the settlement by filing a written “request for exclusion” by mail with the settlement administrator postmarked no later than November 19th, 2019. For more information on how to do this, check here, question #23.
The settlement must still receive the approval of the U.S. District Court in Atlanta before consumers can begin to file claims.
Meanwhile, now’s the time to get your ducks in a row. The FTC recommends you collect and save any documents you have related to your efforts to avoid or recover from identity theft as a result of the breach.
Equifax will post updates on its claim site (https://www.equifaxbreachsettlement.com) when claims open. This site will enable you to learn whether you are entitled to a portion of the settlement, along with instructions on how to apply. You can also call its toll-free number (1-833-759-2982) for more information.
A final warning
This settlement is guaranteed to bring scammers out of the woodwork, offering to “help” you retrieve any money you may be owed, which you will be able to do yourself for free. Disregard emails, texts, phone calls, radio and TV ads, etc., that make such claims.
And remember, Billshark can help lower your bills. Let us review them for free. If we don’t save you money, you pay nothing.