If you’re one of the 147 million victims of the Equifax breach and you applied to get $125 as compensation for the historic hack, you may want to keep an eye on your email inbox.
Over the weekend, users who applied for a $125 cash payout promised by the government received an email from the Equifax Breach Settlement Administrator, demanding they prove they currently have free credit reporting if they want to receive the promised compensation.
While many users have been surprised by the notice, it’s an expected part of the government’s ongoing and fairly pathetic attempt to hold Equifax accountable for the historic breach.
As part of the original $575 million settlement, Equifax agreed to give users either ten years of free credit reporting, or $125 if they already had such services. But the FTC’s settlement only set aside $31 million to make these payments, or enough to pay just 248,000 of the estimated 147 million victims.
If you’re a victim who applied to get the $125 cash payout, the Equifax settlement administrator is giving impacted users until October 15 to prove (via the settlement website) they already have credit reporting.
The agency has seen widespread criticism for initially promising the $125 cash payout only to abruptly backtrack, insisting that because the public’s interest in free money was somehow “unexpected,” most victims would never actually see these funds.
This latest email again reminds users that even if you can prove you have credit reporting already, you still may not get the full $125 thanks to the limitations of the settlement. In response to what it’s calling “overwhelming” demand, the FTC also urges those who submitted a claim for $125 switch to the free credit reporting offer instead.
“Based on the number of potentially valid claims that have been submitted to date, payments of these benefits likely will be substantially lowered and will be distributed on a proportional basis if the settlement becomes final,” the email reads. “Depending on the number of valid claims that are filed, the amount you receive for alternative compensation may be a small percentage of your initial claim.”
The FTC has yet to meaningfully explain why it failed to set aside enough money to compensate users, or why it found the public interest in modest compensation surprising.
Legal experts consulted by Motherboard say the Equifax settlement only gives the illusion of a meaningful punishment. Not only did it not set aside enough money to pay out the promised $125 compensation, but the promise of free credit reporting is largely worthless, given such services are routinely given away for free in the wake of countless, similar hacks.
“With just $31 million to be divided up by all the Americans who filed to receive their $125 check, Americans have the choice of receiving pennies for having their credit details spilled out online, or receiving virtually worthless credit monitoring,” Senator Ron Wyden said in a previous statement to Motherboard. “Another clear failure by the FTC.”
While designed to sound impressive, such wrist slaps are doing little to help rein in the scope of privacy preaches. There were an estimated 1,200 U.S. data breaches in 2018 alone, exposing more than 446 million records. As such, Wyden has proposed legislation that would levy far more significant punishment for companies with lax security, including jail time for CEOs.
That said, users should still take advantage of the money that is available, even if they probably won’t get the full $125 originally promised. Users may also still be eligible for up to $20,000 in compensation if they can provide evidence that the leak of their financial data resulted in "fraud, identity theft, or other alleged misuse of your personal information fairly traceable to the data breach,” the settlement website states.