Back in 2017, Equifax infamously suffered a data breach that exposed devastating levels of personal and financial information of about 147 million Americans. Its punishment was a $575 million settlement with the Federal Trade Commission and a pinkie promise to go forth and sin no more. Individual consumers who were wronged were supposed to be able to claim $125 each from the settlement—until, that is, the FTC and Equifax remembered the wronged were still 144 million strong and the settlement fund didn’t have enough cash. Even so, though, individuals should be getting something—so where is it?
Equifax is indeed paying out right now—but not to you. Instead, the company has finally agreed to pay the banks (PDF) for the inconvenience of having to cancel and reissue millions of credit and debit cards, The Register points out. That agreement provides $5.5 million to “all financial institutions in the United States” that issued a Visa, MasterCard, Discover, or American Express card that was identified in the breach, except for banks that explicitly request to be excluded from the class. Equifax also promises to spend $25 million on strengthening its data security and will pay the administrative and legal costs for the banks involved in the settlement.
Granted, most individuals will see very little money from the settlement, if any. The original promise was that any affected person could receive either free credit monitoring or $125 in lieu of that if they had another active credit-monitoring solution. That bucket, however, was capped at $31 million in claims—enough to pay out a little under a quarter-million people, or 0.2 percent of those affected. After “unexpected” media attention drew an “overwhelming” number of claimants, the FTC dropped the option for choosing cash instead of credit monitoring altogether.
Individuals who did ask for the cash had an October 15 deadline to certify they already had credit-monitoring services in place. Everyone else had until January 22 of this year to file for the credit monitoring. But there’s been no contact from the settlement administrators since.
That could be due to class-action suits gumming up the works, The Register theorizes. A judge in March dismissed all the initial objections (PDF) to the settlement from a would-be class-action suit. He found that, since 15 million people filed claims (including 3.3 million claims for credit monitoring) but “only 2,770” people asked to be excluded from the settlement and 388 directly objected, “in the wake of incomplete or misleading media coverage” or as “serial objectors,” the settlement could be considered reasonable and adequate.
https://arstechnica.com/?p=1677108