I Got A Measly $14.90 From Equifaxâs Data Breach Settlement
I Got A Measly $14.90 From Equifax’s Data Breach Settlement
Shahar Ziv
Contributor
I teach students and employees how to ace their personal finances.
Follow
Feb 22, 2023,08:45am EST
Equifax
Close-up of the hand of a man holding a mobile phone open to the web site of credit bureau Equifax, ... [+]GETTY IMAGES
Americans likely can’t even fill up their gas tanks with the paltry payments EquifaxEFX -1.5% is providing for allowing hackers to easily steal Social Security numbers and other personal identifiable information. The payments are part of the company’s settlement with the Federal Trade Commission (FTC) over a 2017 data breach that exposed the personal information of 147 million Americans.
Equifax Data Breach Settlement Summary
In 2019, people affected by the breach were able to file claims for compensation. Those who suffered direct losses due to the breach and were able to provide documentation of out-of-pocket costs were eligible for up to $20,000. Those who didn’t suffer a direct loss were still eligible for some relief, including a one-time cash payment of up to $125 and additional compensation for time spent “remedying fraud, identity theft, or other misuse of your personal information caused by the data breach, or purchasing credit monitoring or freezing credit reports.”
Payments for eligible claims were sent starting this past December. I received an envelope with a check for $14.90; a far cry from the $125 one-time cash payment that had been touted by the FTC after the settlement. Perhaps I should consider myself lucky as others claimed to have received payments as low as $2.64; the modal amount anecdotally appears to be around $5.20.
A Flawed Settlement Means A Low Per-Person Payout
The low-dollar payouts are the result of an anemic settlement negotiated by the FTC. As part of the settlement’s restitution fund, Equifax had to create a fixed pot of $31 million to cover compensation for consumers whose data was stolen but hadn’t yet been the victim of any direct loss. As I wrote back in 2019, the $31 million cap “illuminates a potential flaw in the settlement that regulators negotiated with Equifax. Providing a fixed amount of compensation available to consumers is clearly in Equifax’s best interest because it caps the company's financial exposure. But does it really serve consumers who were affected by the breach? Instead, why not offer a fixed amount of money to anyone who files a claim?”
MORE FROM FORBES
Here's Why You Could Get As Little As $0.21 From Equifax's Data Breach Settlement
By Shahar Ziv
MORE FROMFORBES ADVISOR
Best Travel Insurance Companies
ByAmy DaniseEditor
Best Covid-19 Travel Insurance Plans
ByAmy DaniseEditor
The FTC believed that only a minute fraction of the 147 million Americans would care enough to file a claim. Robert Schoshinski, assistant director in the division of privacy and identity protection at the FTC, asserted in a 2019 blog post that “the public response to the settlement has been overwhelming” and that there has been “an unexpected number of claims.”
With a purported settlement payment of $125 and a fixed pot of $31 million, Schoshinski appears to have calculated that only 248,000 Americans would file a claim and ask for the cash payment. That translates to a forecasted claim rate of 0.17%. I questioned this forecast in 2019: “was it reasonable to assume that only 248,000 would want to at least get some money back after Equifax’s egregious handling of their data? Was it reasonable to assume that there wouldn’t be more anger and a desire to make Equifax pay for its security lapses?”
It is hard to know the average payment made by Equifax, but it appears to be quite low. If it were $5.20, that would mean 28 million Americans filed a claim, or close to 20% of eligible individuals. Even if the average payment were $15, that would mean close to 10 million Americans filed a claim, or 6.7%.
While I’m happy to have a few more dollars in my bank account, I’d be even happier if Equifax had been truly held accountable for its egregious data breach. “Even when companies are unquestionably at legal fault, the victims of data malfeasance are frequently unable to receive adequate compensation, if anything at all,” writes Indiana University law professor Joao Marinotti in an NYU Law Review article. Settlements like the Equifax one “neither affect the business practices of these global giants, nor do they provide adequate remedies for the victims harmed. If these consequences neither deter future cyber-negligence nor compensate victims for harms experienced, what, then, are they for? Unfortunately, some argue they are ‘mostly exercises in public relations,’ remediating the reputation of both regulators and companies alike.”
Regardless, I’m off to pump a few “free” gallons of gas.
Shahar Ziv
Contributor
I teach students and employees how to ace their personal finances.
Follow
Feb 22, 2023,08:45am EST
Equifax
Close-up of the hand of a man holding a mobile phone open to the web site of credit bureau Equifax, ... [+]GETTY IMAGES
Americans likely can’t even fill up their gas tanks with the paltry payments EquifaxEFX -1.5% is providing for allowing hackers to easily steal Social Security numbers and other personal identifiable information. The payments are part of the company’s settlement with the Federal Trade Commission (FTC) over a 2017 data breach that exposed the personal information of 147 million Americans.
Equifax Data Breach Settlement Summary
In 2019, people affected by the breach were able to file claims for compensation. Those who suffered direct losses due to the breach and were able to provide documentation of out-of-pocket costs were eligible for up to $20,000. Those who didn’t suffer a direct loss were still eligible for some relief, including a one-time cash payment of up to $125 and additional compensation for time spent “remedying fraud, identity theft, or other misuse of your personal information caused by the data breach, or purchasing credit monitoring or freezing credit reports.”
Payments for eligible claims were sent starting this past December. I received an envelope with a check for $14.90; a far cry from the $125 one-time cash payment that had been touted by the FTC after the settlement. Perhaps I should consider myself lucky as others claimed to have received payments as low as $2.64; the modal amount anecdotally appears to be around $5.20.
A Flawed Settlement Means A Low Per-Person Payout
The low-dollar payouts are the result of an anemic settlement negotiated by the FTC. As part of the settlement’s restitution fund, Equifax had to create a fixed pot of $31 million to cover compensation for consumers whose data was stolen but hadn’t yet been the victim of any direct loss. As I wrote back in 2019, the $31 million cap “illuminates a potential flaw in the settlement that regulators negotiated with Equifax. Providing a fixed amount of compensation available to consumers is clearly in Equifax’s best interest because it caps the company's financial exposure. But does it really serve consumers who were affected by the breach? Instead, why not offer a fixed amount of money to anyone who files a claim?”
MORE FROM FORBES
Here's Why You Could Get As Little As $0.21 From Equifax's Data Breach Settlement
By Shahar Ziv
MORE FROMFORBES ADVISOR
Best Travel Insurance Companies
ByAmy DaniseEditor
Best Covid-19 Travel Insurance Plans
ByAmy DaniseEditor
The FTC believed that only a minute fraction of the 147 million Americans would care enough to file a claim. Robert Schoshinski, assistant director in the division of privacy and identity protection at the FTC, asserted in a 2019 blog post that “the public response to the settlement has been overwhelming” and that there has been “an unexpected number of claims.”
With a purported settlement payment of $125 and a fixed pot of $31 million, Schoshinski appears to have calculated that only 248,000 Americans would file a claim and ask for the cash payment. That translates to a forecasted claim rate of 0.17%. I questioned this forecast in 2019: “was it reasonable to assume that only 248,000 would want to at least get some money back after Equifax’s egregious handling of their data? Was it reasonable to assume that there wouldn’t be more anger and a desire to make Equifax pay for its security lapses?”
It is hard to know the average payment made by Equifax, but it appears to be quite low. If it were $5.20, that would mean 28 million Americans filed a claim, or close to 20% of eligible individuals. Even if the average payment were $15, that would mean close to 10 million Americans filed a claim, or 6.7%.
While I’m happy to have a few more dollars in my bank account, I’d be even happier if Equifax had been truly held accountable for its egregious data breach. “Even when companies are unquestionably at legal fault, the victims of data malfeasance are frequently unable to receive adequate compensation, if anything at all,” writes Indiana University law professor Joao Marinotti in an NYU Law Review article. Settlements like the Equifax one “neither affect the business practices of these global giants, nor do they provide adequate remedies for the victims harmed. If these consequences neither deter future cyber-negligence nor compensate victims for harms experienced, what, then, are they for? Unfortunately, some argue they are ‘mostly exercises in public relations,’ remediating the reputation of both regulators and companies alike.”
Regardless, I’m off to pump a few “free” gallons of gas.
