Con Watch: Why You Need to File Your Equifax Claim Now

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

It was two years ago that Equifax, one of the three large credit reporting agencies, suffered a major data breach in which personal data of more than 147 million people was stolen. The personal information included the names, dates of birth, and Social Security numbers

The sad truth is that the data breach was avoidable, having been caused by hackers who exploited a vulnerability in an Apache software program used by Equifax. Apache had issued a security update months earlier, which Equifax failed to install in a timely manner. As a result of the negligence of Equifax, charges were brought by various state and federal agencies. The Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB) and all but two of the states’ Attorneys General have settled their claims against Equifax.

Individual claims under the settlement are now being accepted, although the settlement still is awaiting court approval, which is expected to occur on December 19, 2019. The first step for everyone is to find out if your personal information was affected by the data breach.

If you find that you were one of the 147 million people affected, here is a list of what you may receive under the terms of the settlement.

  1. Free credit monitoring for four years at all three credit bureaus — Equifax, Experian and TransUnion — and six more years of free credit monitoring at just Equifax. If you already have credit monitoring, you can choose to receive $125.
  2. Additional cash payments of as much as $20,000 for expenses you paid out of pocket in response to the Equifax data breach. These reimbursement payments are intended to cover data breach related payments made by you such as the costs of freezing and unfreezing your accounts (which until last September cost between $3 and $12 each time you froze and unfroze your credit reports), credit monitoring, and fees paid to accountants or lawyers related to the data breach.
  3. Payments related to the time you spent dealing with the data breach at a rate of $25 per hour. If your claim is for ten hours or less, you are required to describe the actions you took, such as freezing your credit reports at each of the three credit reporting agencies and the time that you spent on these activities. If your claim is for more than ten hours, in addition to describing what you did, you must also provide copies of documents showing that you were a victim of identity theft or other problems related to misuse of your information.
  4. Seven years of free access to assistance through identity theft restoration services in the event that you do become a victim of identity theft.
  5. Beginning next year, you can get seven free credit reports each year for the next seven years from Equifax, upon request. (Federal law already provides that you can get one free credit report annually from each of the three major credit reporting agencies.)

While many news reports of the settlement indicate that Equifax will be paying $700 million to settle the claims against it brought by the various federal agencies and states’ Attorneys General, that number is extremely misleading. Only $425 million of that amount is earmarked for the benefit of consumers, and only $31 million of that amount is allocated toward the $125 cash payments. The remaining $394 million allocated toward consumers goes toward paying for the cost of the credit monitoring provided for in the settlement and the reimbursement payments. In addition, once the $31 million earmarked for individual $125 payments is exhausted, the payments will be reduced. Therefore, it is important for you to file a claim as soon as possible in order to receive the full $125. All claims must be filed no later than January 22, 2020. Note that no payments will be sent until after the settlement receives judicial approval, which is expected in December.

If you choose to receive free credit monitoring, once the settlement has been approved by the court and your claim has been approved, you will receive an activation code and instructions by your choice of email or regular mail. Cash payments will be made by check or debit card sent by mail once the settlement and your claim have been approved.

If you wish to opt out of the settlement and sue Equifax on your own, you must do so by filing a request for exclusion by mail no later than November 19, 2019. However, I cannot imagine any situations where it would be worth your while to do so.

Another aspect of this data breach that has hardly been reported on is that in the two years since the data breach occurred, none of the data stolen in the data breach has been put up for sale on the Dark Web, that part of the Internet where criminals buy and sell goods and services. Generally, following data breaches, the information is promptly marketed on the Dark Web as soon as possible to maximize profits. To date, there have been no reports of identity theft attributable to the stolen information. This has led many experts, myself included, to conclude that similar to the 2015 massive data breach at the federal Office of Personnel Management, this data breach may well be the work of the Chinese government, which undertakes such activities as a part of intelligence gathering and not for profit making.


Con Watch: Protecting Yourself from Data Breaches


Recently, the Marriott hotel chain announced that it had suffered a major data breach involving its Starwood guest reservation database. Starwood is a group of hotels bought by Marriott in 2016 and includes such well known hotel chains as the St. Regis, Westin, Sheraton and W Hotels. The data breach was discovered in early September 2018 by Marriott, but had been ongoing since 2014. The total number of people affected by the breach is estimated to be an astounding 500 million. 327 million had personal information stolen, including names, phone numbers, email addresses, and birth dates. Millions more also had credit card information compromised. Marriott and law enforcement authorities are investigating the matter, which appears to be the work of Chinese state hackers.

Marriott has set up a website with updated information about the data breach. If you stayed at a Starwood hotel between 2014 and now, you should check out the website for more information.

It is an unfortunate fact of life that regardless of how careful you are about protecting the security and privacy of your personal information, you are only as safe as the companies and government agencies with the weakest security. You may not have stayed at a Starwood hotel in the last four years, but chances are you are among the millions of people whose personal information was compromised by data breaches at Equifax, Orbitz, eBay, Premera Blue Cross, Anthem, Lord & Taylor, Saks Fifth Avenue, T-Mobile, Hyatt, Brooks Brothers, Chipotle, Neiman Marcus, Arby’s, Staples, Kmart, Dairy Queen, Home Depot or Target, to name just a few.

With many companies and governmental agencies failing to take proper security measures to protect your data, it is truly more a question of when, not if, your personal information will be stolen by hackers. The threat of identity theft posed by a data breach is very much dependent on which personal information was stolen. At its most benign, email addresses or other similar information may be used by hackers to formulate spear phishing emails and text messages to lure you into clicking on malware-infected links. At its worst, such as in the Equifax data breach, sensitive personal information such as your Social Security number can be used directly to make you a victim of identity theft.

Protect Yourself Against Data Breaches

Taking the security precautions listed below can help prevent you from becoming a victim of identity theft.