Last week there was a bit of news as the FTC released a proposed settlement between the FTC and Equifax over the data brokers' massive security breach that came to light nearly two years ago. We had already noted that the FTC's way of dealing with Equifax seemed particularly tone deaf, but it's getting worse. Much worse. As you may have heard, part of the "settlement" with Equifax is that you could sign up to get $125 from the company (or possibly more). It was either that or free credit monitoring. But, come on: everyone already has so many "free credit monitoring" services from previous breaches that this is a totally meaningless offer. It also costs nothing for Equifax.
So, over the past week or so a ton of (helpful) news sites have been posting explainers on how to get your $125. Except... apparently too many people signed up and now the FTC is helping Equifax by telling people not to ask for money from the company any more. First, the FTC literally deleted that option from its website:
Equifax just removed the $125 claim payout option after millions submitted claims. Now it's offering credit monitoring. Don't worry, Equifax says, this is really a "much better value." https://t.co/DsBqg7oP1B pic.twitter.com/vLuFNXsENp— Laura Sullivan (@LauraSullivaNPR) July 31, 2019
The public response to the settlement has been overwhelming, and we’re delighted that millions of people have visited ftc.gov/Equifax and gone on to the settlement website’s claims form.
But there’s a downside to this unexpected number of claims. First, though, the good: all 147 million people can ask for and get free credit monitoring. There’s also the option for people who certify that they already have credit monitoring to claim up to $125 instead. But the pot of money that pays for that part of the settlement is $31 million. A large number of claims for cash instead of credit monitoring means only one thing: each person who takes the money option will wind up only getting a small amount of money. Nowhere near the $125 they could have gotten if there hadn’t been such an enormous number of claims filed.
So, if you haven’t submitted your claim yet, think about opting for the free credit monitoring instead. Frankly, the free credit monitoring is worth a lot more – the market value would be hundreds of dollars a year.
Of course, the proper response to this is for the FTC to recognize that a $31 million pot for settlements here was way too small. Remember, this is the same organization that was being criticized for "only" dinging Facebook for $5 billion for privacy violations that one could argue were significantly less egregious and damaging as Equifax's breach. The fact that the FTC thinks its job here is now to act as PR shop for Equifax, rather than to maybe go back to the drawing board is pretty telling.
As law professor James Grimmelmann notes, the response to all of this (anger, hatred) certainly suggests that the court should not approve this settlement:
The overwhelming response seems like a good indication that the proposed settlement is not fair, reasonable, and adequate, and that the court should reject it. Objections are due by November 19, and there is a fairness hearing on December 19. https://t.co/sAAxvhnlaT https://t.co/gfpFIYuM6M— James Grimmelmann (@grimmelm) July 31, 2019
This is pretty damning towards the FTC. If they built a settlement structure that only works if few of the people impacted claim it, then the settlement is objectively ridiculous. Either users who had their data leaked deserve $125 or they don't. The entire structure of setting up a $31 million pool, such that if the people impacted actually claim their money they get less of it, is just mindbogglingly pointless.
An internet engineer at Equifax who coded parts of a breach portal for the credit agency has been sentenced to 8 months of house arrest for insider trading. He was convicted of using insider information about the Equifax breach to make more than $75,000.
A new data leak could affect almost every single American, perhaps more than Equifax’s massive 2017 data breach of nearly 150 million individuals. Earlier this month, the renowned security researcher Vinny Troia announced that he discovered an unsecured database containing around 340 million individual records. According to Troia, the database included profiles of a few hundred million Americans belonging to Exactis, a Florida-based marketing and data-aggregation firm.
If you've had your identity stolen or if you're worried about having been doxxed by Equifax, you can freeze your credit record, and then Equifax, Experian, Trans Union and Innovis will block any requests to access your credit report. But that doesn't really matter. Equifax operates a secondary, noncompliant credit bureau called National Consumer Telecommunications and Utilities Exchange (NCTUE), on behalf of a secretive cartel of owners led by AT&T, but also including mysterious organizations like "Centralized Credit Check Systems."
Looks like Democratic Senator Heidi Heitkamp is getting her wish. After demanding that "somebody needs to go to jail" during a Congressional hearing about the Equifax breach late last year, the Department of Justice on Wednesday charged Jun Ying, the former chief information officer of one Equifax business unit, with insider trading, claiming he knowingly sold shares before the company revealed a massive data breach last year.
Our IP Address: