
Claiming your $125 from Equifax is a “moral duty” - based2
https://boingboing.net/2019/07/26/soak-em.html
======
xoa
> _diverted to anti-identity-theft measures and charities [...] identity
> protection[...]_

This is not to rag on boingboing in particular at all, this sort of language
has become ubiquitous, but it's still incredibly frustrating. I have to wonder
if "identity theft" represents one of the most effective bits of
propaganda/doublespeak ever coined. The very wording flips around cause and
effect and in turn responsibility. In reality people don't generally get their
identities stolen, institutions/organizations _fail to properly verify it_. If
someone claiming to be me applies for some financial service and the bank goes
ahead and grants it, it's not that my "identity was stolen" it's that the
bank/industry did a piss poor job of verifying it. It should be between them
and the party that committed fraud, and if they go after me instead then they
too should be _punished_ for it as literal accessories to the fraud.

Instead we've ended up with this madness where parties A & B can do a
transaction, and then party C can end up being pinned with it without ever
having so much as a single interaction with A or B. There has been an
internalized sense of helplessness and blame shifting that has allowed the
industry to skate by something that we absolutely have the technology and
economics to solve to a high degree. The article is not wrong that we should
expend some effort to try to make sure that at least this minimal fine sticks
a bit, but I _resent_ having to be involved at all and having to give my info
yet again to the guilty and having to buy into their root cursed fraud scheme
and jump through their hoops.

What's really needed is a blanket law stating something along the lines that
no unconnected 3rd party is ever liable for transactions between others, and
that anyone who then goes after them for it is not only strictly liable for
all expenses and damages but also minimum 3x punitive damages as well and some
minimum flat level per incident too.

~~~
robbiep
I agree in sentiment however then the burden shifts to proving that person C
was not really person A, and therein lies the crux

~~~
xoa
> _however then the burden shifts to proving that person C was not really
> person A_

First: No. The burden is on B to prove that C is A, the default should be that
if they cannot quite definitively identify the counter party then tough
cookies. And they need to do this while covering all expenses and time value
with interest in the event they're mistaken.

Second: if only! Most identity theft is not even remotely subtle. It's people
walking in with mediocre quality forged documents or minimal info literally
hundreds or thousands of miles from any location C has ever visited in their
lives. Or someone randomly claiming to be C via some simple 10 digit
government number and an email address C has never used. Etc etc. It's not
exactly mission impossible
hacking-a-passport-and-wearing-full-3D-facial-prosthetics-and-voice-changer
stuff we're talking about here. Standard "ID
theft" is just from a financial party with all the incentives to push through
acceptance as frictionlessly as possible and then simply hound whomever they
can try to pin it on and feed them into "debt collection" systems until most
people cave.

What the law needs to recognize is that everything about this should be
literally criminal. The original criminal is the one who committed the
original fraud. But everyone who goes along with it from then on out, every
single 3rd party directly trying to _steal_ money or time or whatever from the
innocent victim, is an accessory to that fraud. All of them are involved,
though as always they can seek (after paying their penalty) to shift
expense/liability back up the chain if they can prove it. It's their fault for
insufficiently verifying the original counter party, and then they've
compounded it by seeking to defraud someone unrelated.

------
basilgohar
There are so many things wrong with this I don't know where to begin.

While I agree with the premise that we should make security breaches as
painful and expensive as possible for negligent parties such as Equifax, the
manner of this claim feels completely off.

For starters, I have to submit information to a 3rd party, and that in fact
will start a process that I, as a victim (potentially, at least) of Equifax's
negligence, must complete. Moreover, even the actual damages I will be
entitled to is quite unknown. I realize a lot of this is due to class action
law, but it's still woefully insufficient.

Furthermore, reading through the fine print, at least according to other
analysis I've read about it, you also have to enroll or already be enrolled in
some kind of identity protection program (such as what Equifax offers
themselves). So, I would have to opt-in to a system I am trying to stay out
of in the first place.

And why do I even have to confirm my info? If Equifax has it already, then
they should reach out to me, as a victim of their negligence.

There is more, but these are the most glaring issues. I realize there's not a
lot that can be done, but these factors give me a strong distaste for this and
I think we are deluded in thinking this will actually amount to anything more
than a slap on the wrist or even cost them much of anything. It's going to
cost them up to $31 million based on people's claims. It likely won't cost
them more by me filling out the claims, but it will cost me as I'll have to
become further entrenched in a monitoring system that got us into this mess in
the first place.

~~~
qrbLPHiKpiux
I mailed my paper claim in yesterday. It only asked your name, address, and
birth year. Nothing else.

~~~
woriuweflksdncn
But were you an adult when the breach happened? The paper form says this: "If
you were over the age of 18 on May 13, 2017, and wish to file a claim form,
visit www.EquifaxBreachSettlement.com. Do not use this claim form."

~~~
kevindong
There's two forms on that website. The first [0] is for everyone. The second
[1] is for people who were under 18 at that time.

[0]:
[https://www.equifaxbreachsettlement.com/admin/services/conne...](https://www.equifaxbreachsettlement.com/admin/services/connectedapps.cms.extensions/1.0.0.0/5e30940d-7e11-4b49-b115-6d89a16c0e3f_1033_EFX_-_Final_Claim_Form.pdf)

[1]:
[https://www.equifaxbreachsettlement.com/admin/services/conne...](https://www.equifaxbreachsettlement.com/admin/services/connectedapps.cms.extensions/1.0.0.0/6574a180-64d4-43a6-b8df-979a4dd1d36e_1033_EFX_-_Minor_Claim_Form.pdf)

~~~
woriuweflksdncn
Thank you! I didn't see the other form!

------
simonebrunozzi
I have a proposal, and I am certainly not the right person to implement it,
but I hope that someone reads this and will.

I would love to dedicate my $125 (assuming I am part of the breach, which is
almost certain) to the pursuit of damage, and possibly incarceration, for the
Equifax CEO and top executives at the company.

Give me a reputable law firm willing to take my donation, with clear use of
proceedings. I bet thousands of people would love to spend that $125 this way.

~~~
Whatarethese
I will donate my money for this quest. I will mail him shit for the next half
year.

~~~
simonebrunozzi
What would be the simplest way to enlist, say, 1,000 people and then reach out
to a few law firms?

A blog post? A mailing list? Else?

------
dharmon
Do it anyway, but worth mentioning that the maximum penalty is _not_ $700M,
but $31M. If more than 250k(ish) people sign up, the payout per-person goes
down. [1]

[1]
[https://twitter.com/rufo/status/1154872589241802753](https://twitter.com/rufo/status/1154872589241802753)

~~~
Someone1234
A lot of the $700M settlement is being used for Equifax to pay itself money
for monitoring.

They will be giving away their "ID Patrol" product ($16.95/month) for four
years, and charging the fund $813/each. Essentially the left hand is going to
pay the right hand and it is considered a "fine."

~~~
heavenlyblue
Why is that legal?

~~~
__s
Because software is handled with leaky metaphors

Imagine a defective physical product went out. Then the company sent out
repair kits. Those kits have a real cost to produce/ship/etc

It would still seem kind of silly that a company is sending me repair kits
instead of money I can choose whether to invest in repairs or not, but so it
goes

~~~
cco
I think your analogy misses the key point, that is in your analogy the company
that sent out the defective physical product is now "fined" by the US
government and forced to send out repair kits to those that request them; when
a user requests this repair kit the company charges the fund created by the
"fine" $813 to send out the repair kit even though the repair kit cost is
pennies.

It's racketeering.

------
chkaloon
Is there a way to absolutely verify that this website is, in fact, the correct
one and not a scam to collect personal info? Ironically, if they had used the
Equifax domain instead of equifaxbreachsettlement.com I would have felt more
comfortable filling out that form.

~~~
jjw1414
Agreed. Possibly Equifax consciously chose a "scammy-sounding" domain to deter
individuals from filing a claim.

~~~
ameliaquining
No, they didn't choose the domain at all. It doesn't belong to them; it
belongs to the people managing the settlement.

------
danShumway
I've seen a couple of people check to see if they're eligible and get back an
answer of "no".

This is a pure curiosity question, but I didn't think Equifax knew which
numbers had and hadn't been leaked -- my impression was just that hackers got
access to the full database. When the original announcement came out, wasn't
there a big thing about how they were basically flipping a coin and returning
a random result every time you checked if you were affected?

Are they really able to determine which social security numbers were stolen?

------
jedimastert
Question that doesn't seem to be answered: If I take this payout now and I
find out later that my data has been used and I have to spend time later to
fix it, can I come back for the second part of the payout?

Edit: Question 12 on their FAQ says I can come back for more if there's
damages in the future:

[https://www.equifaxbreachsettlement.com/faq](https://www.equifaxbreachsettlement.com/faq)

~~~
maxerickson
It also depends on whether there are funds left.

------
avsteele
You can't claim the $125 unless you assert you currently have credit
monitoring and will for >= 6 months. You can't just go and claim $125 without
lying or giving your info to some additional org to enroll in credit
monitoring.

~~~
nemothekid
If you have a credit card (I can say for sure, any Amex card and any Capital
One Card), and you plan to keep those cards for 6 months, then you satisfy the
requirement

~~~
kgwxd
I was thinking about that, do those count? If so, do you have a source other
than a random-fish-child-on-the-internet?

Edit: Nevermind, "to the best of my knowledge" the free-for-everyone Capital
One CreditWise service qualifies.

------
crazygringo
Wow... it really is easy and takes only about 60 seconds to do, and doesn't
require signing up for any new services or anything. I'm kind of amazed. Just
go to:

[https://equifaxbreachsettlement.com](https://equifaxbreachsettlement.com)

You put in your last name and the last 6 digits of your SSN (not full SSN), it
tells you if you were impacted, you give your full contact info, select the
option for $125, it gives you an option for check or gift card, and done.

Legally it requires that you already have some form of credit monitoring,
which from other comments here seems that many credit cards already include
(mine do, e.g. Capital One).

But... I'm kind of amazed it's so easy. This really ought to be done by
everyone who already has a credit card that provides free credit monitoring. I
never thought I'd get to have a little feeling of personally holding Equifax
accountable in a small way, but here we are. :)

~~~
scarface74
It didn’t ask for my social security number. I would have remembered. I don’t
know my wife’s ssn by heart and I filled it out for her.

~~~
crazygringo
You're right... if you click "File a claim today" at the top it doesn't ask
for your SSN.

If you scroll down and click "Find out if your information is impacted" that's
where you put in the last 6 digits of your SSN and it tells you, and then
brings you straight to the form if you're eligible.

I'm not sure what will happen if you file your claim but you weren't
affected... it might just be ignored then?

------
igotsideas
Is anyone thinking about taking them to small claims court? I remember
reading people were getting around 8k just for showing up.

~~~
astura
I'd imagine you'd only have a chance to win by default judgment unless you can
somehow prove Equifax caused you monetary loss, which would be extremely
difficult.

Can you share the docket numbers of people getting $8k default judgements?

~~~
igotsideas
I can't find exactly what I read but found some other pieces.

[https://blog.legalist.com/i-won-8-000-from-equifax-in-small-...](https://blog.legalist.com/i-won-8-000-from-equifax-in-small-claims-court-heres-how-you-can-too-f0ce6925c079)

This is a guide to taking them to small claims. I haven't followed any of
these so I don't know how valid they are.

[https://myradvocate.com/Your%20Guide%20to%20Sue%20Equifax%20...](https://myradvocate.com/Your%20Guide%20to%20Sue%20Equifax%20in%20Small%20Claims%20Court)

------
pmiller2
Here’s what I don’t understand: my payout with credit monitoring is worth
$125, and without credit monitoring it's “worth” over $800. If you multiply
$125 by the number of people affected, that value exceeds Equifax’s market
cap. Why does Equifax deserve to survive if they literally caused more damage
than the market thinks they’re worth?

------
code4tee
Actually looks like everyone should claim 20 hours of your time wasted at $25
an hour and get $500 (Option 2 listed).

I certainly had a lot of time wasted trying to figure out what to do and then
taking more actions to protect from possible consequences of their screw up.

~~~
lotsofpulp
You won’t get it because the fund for $125 and $250 penalties are $31M each,
so it will be prorated down if number of claims exceed the maximum number
allowed for a $125/$250 claim.

~~~
code4tee
Agree everyone will end up getting a cheque for like $4 or something, but
doesn’t hurt to make the claim.

------
mixmastamyk
Is it safe to look up your name on the look up tool? It is demanding access to
recaptcha, which I avoid these days.

~~~
winslow
You avoid recaptcha or looking up your name on the tool? Either way I'm
curious why you avoid it?

~~~
mixmastamyk
Was explained here recently as another way for Google to track what you're
doing.

~~~
winslow
Interesting I assume you are referring to this post:
[https://news.ycombinator.com/item?id=20294801](https://news.ycombinator.com/item?id=20294801)

------
IceWreck
Why do boingboing articles make their way to this forum? It's an opinion based
kinda joke website that just posts content sourced from other websites, then
adds their own opinions on that.

Yes its articles are somewhat fun to read, but when posting to HN, just post
the real article, which is always linked in the website.

------
lisper
Original source of this idea (referenced in the OP):

[https://slate.com/technology/2019/07/equifax-settlement-mone...](https://slate.com/technology/2019/07/equifax-settlement-money-how-to-claim.html?via=homepage_taps_top)

------
ohyeshedid
Last night when I went and took a look at the claims site, I noticed they were
loading Facebook and twitter scripts.[1] These scripts were even on the pages
that ask for PII. I can no longer get back to the form page to get a
screenshot as it's 403, for me, now. I would definitely suggest not using the
online claim form, as they've polluted that with tracking.

[1]: [https://i.imgur.com/ARPFyFl.png](https://i.imgur.com/ARPFyFl.png)

------
novaleaf
Tip on claiming 10hrs:

I don't think it's hard for anyone to claim 10hrs on this. Just reading the
news/basic research over the last 1.5 years can quickly reach 10hrs.

For me, I also signed up for credit monitoring a month after the breach
announcement and have since been getting spammed every week with various
credit alerts. If I spent 10 min on each mail and got 1 email/week over the
last 1.5 years that would be 13 hours of pondering credit spam.

------
tossAfterUsing
I follow BoingBoing on instagram, and it's a bit of a weird thing that they're
always telling me what my "moral duty" is...

------
mindgam3
Note: you only get $125 if you previously paid for credit monitoring. If not,
your "payout" from this settlement will simply be a few years of free
monitoring. Not terrible, but not quite as exciting as the free money you'd
expect from the headline.

------
satya71
I think the best course is actually to opt-out and reserve the right to a
lawsuit when your identity gets stolen eventually. Wish there was a simple
point-and-click letter generator to opt-out. The govt makes opt-out hard.

------
bitxbit
I believe we need to move away from fines and force corporations to give up
voting shares. A special class of shares with little to no financial benefit
held by public trusts.

~~~
crazygringo
I don't think that will work because...

1) If the public trust doesn't reach 50% of voting shares then what difference
will it make?

2) If the public trust does reach 50%, then it's no longer a for-profit
company, but rather full socialist government/public control of the economy

Fines are fine -- they reduce the value of shares and therefore the bottom
line. They just need to consistently outweigh the potential profits from bad
behavior.

If fines are too low, the solution isn't to find another fix -- it's just to
raise fines more.

~~~
ryani
You don't need to have 50% of voting shares to have significant power over a
company, if no one organization has 50% of voting shares.

If you have 10% of shares and two other organizations have 45% each, and those
two organizations have a conflict, you get to choose which of those two
organizations has control over the company. Those organizations are both
incentivized to make your needs a priority in order to secure your votes. In
this situation no single group can choose the destiny of the company without
the assistance of one of the other groups.

------
purplezooey
Like the 2003-ish tax refund checks under GWB it feels like a bribe to accept
something that should be unacceptable.

------
dylan604
Pre-paid card vs check? Which option did you go with?

------
waynecochran
It is idiotic to fill out the form. They want my name plus the last _six_
digits of my SSN! That leaves only a puny 3 digits unknown. This is why there
is identity theft in the first place.

~~~
lisper
You must be looking at the wrong form. To claim the $125 they ask for your
name, mailing address, phone number, email address and birth year. That's it.

~~~
jedberg
They asked for the first 6 of the SSN to see if you qualify.

~~~
lisper
But you don't have to see if you qualify. You can just go straight to the
claim form:

[https://secure.equifaxbreachsettlement.com/en/claim](https://secure.equifaxbreachsettlement.com/en/claim)

and let them sort it out.

~~~
jedberg
Thanks for pointing this out. That makes sense. Also now I don't have to look
up my wife's SSN.

~~~
lisper
You bet.

------
leetbulb
Would love to just out of principle, but I did not lose any money or provably
waste any time due to the breach.

~~~
sgc
You are on this thread doing research right now.

