
Submit Your Claim in the Equifax Breach Settlement - caymanjim
https://www.equifaxbreachsettlement.com/
======
simonsarris
It would become a legendary case study if this site turned out to be an
information phishing site. (This one is legit but I expect it to happen
someday. I'm surprised it hasn't already.)

After all this site links to the law firm JND, but nowhere does JND mention
_this_ site. So any of us could have made this site.

 _Use the form below to find out if your information was impacted and if you
are a class member._

 _Last Name_ _______

 _Last 6 Digits of Social Security Number_ ________

~~~
jwp23
Your comment inspired me to take a look. I compared the SSL certificate and
the whois information to equifax.com. The settlement site uses a different
company for the certificate. The settlement site uses Starfield Technologies
vs DigiCert for equifax.com. The settlement site uses GoDaddy for their DNS vs
UltraDNS for equifax.com. It's not impossible that a division in the company
or a different law firm uses different SSL certificate provider and DNS
provider, but it may point to some caution.

Edit: As another commenter pointed out, this site is linked to from the FTC
site about the breach.

~~~
devcpp
Why compare it to Equifax? I'd just assume it's an unrelated malicious
opportunist. I'd rather compare it to JND to have evidence towards proving
that it's legit. Anyway it is legit since it's mentioned on the FTC site.

~~~
jwp23
I made a faulty assumption. As others have pointed out, the settlement site is
run by a third party.

------
soulofmischief
I don't want money. I don't want free service. I don't want any compensation.

I want Equifax as a company to be dissolved for incompetency with private
data, and I want a way to legally opt out of other such companies collecting
and aggregating private data about me.

~~~
swalsh
"I want a way to legally opt out of other such companies collecting and
aggregating private data about me."

The problem is this also means you will be completely opting out of the credit
system. No more morgtgages, no more credit cards, no more car loans.

I'm afraid it's kind of a necessary evil.

~~~
mikeash
It’s a convenient evil.

Finance isn’t the only area that uses reputation judge people. I imagine we’ve
all been asked for references when applying for a job or an apartment. Jobs
and apartments manage to get by without a centralized score.

Mortgages predate credit scores by centuries. It’s demonstrably not necessary.

~~~
ed312
Many, if not all medium to large companies do in fact pull a limited credit
report as part of the screening process. Also, there is far more regulation on
mortgages these days. E.g. I can get a massive home loan from a banker I've
never met before because of credit bureaus.

~~~
mikeash
Many do, many don’t. And they’d keep on hiring just fine if they couldn’t.

As for getting a loan from a banker you’ve never met, my point exactly.
They’re a _convenient_ evil.

------
dccoolgai
5-second glance at the the stuff in the <head> shows pixels for: Google Ads,
Facebook, Twitter, a bunch of other slimy stuff.

What the actual F. Who does that?

Edit: also, no content security policy, no subresource integrity for 3rd party
scripts. Is there such a thing as filing a class action against the party
handling the class action? This is downright irresponsible.

Edit: I see a couple of the 3rd party scripts have integrity, but most don't.

~~~
webninja
What he’s saying is that even if www.equifaxbreachsettlement.com isn’t using
the 5 digits of your SSN for nefarious purposes, Google Ads, Facebook,
Twitter, and other slimy companies are collecting this data. Even if FB,
Twitter, Google et al aren’t using this data, it might be available to
marketers who use these Ad platforms.

Please correct me if my explanation of the parent comment is wrong here.

------
mNovak
Some tips:

Note that many free credit monitoring services exist, and most credit cards
nowadays have this feature available. These qualify you for the $125 payout.

Up to 10 hours effort ($250) can be claimed without documentation, for time
spent battling or preventing ID theft. Preventing is probably key here, and
could cover a lot of activities.

~~~
lotsofpulp
The $125 and $250 come from a maximum fund of $31M each, so there is almost no
chance anyone will get $125 or $250.

------
jammygit
By comparison, here's somebody who sued them in small claims court and won
$8000:

[https://blog.legalist.com/i-won-8-000-from-equifax-in-
small-...](https://blog.legalist.com/i-won-8-000-from-equifax-in-small-claims-
court-heres-how-you-can-too-f0ce6925c079?gi=6cf7765790c2)

an update about winning the appeal afterwards (edit: apparently they got it
reduced to $5500):

[https://blog.legalist.com/i-fought-equifaxs-lawyer-in-
court-...](https://blog.legalist.com/i-fought-equifaxs-lawyer-in-court-and-
won-here-s-how-a16930c53af3)

~~~
cbau
Really interesting! Does submitting a claim here prevent you from suing
Equifax in small claims court? It seems possible that a $5000 may be worth my
time.

~~~
scott00
Not only does submitting a claim prevent you from suing Equifax, the only way
to preserve your right to sue is to actively exclude yourself from the
settlement. See FAQs 19 and 23.

19:
[https://www.equifaxbreachsettlement.com/faq#q-19](https://www.equifaxbreachsettlement.com/faq#q-19)

23:
[https://www.equifaxbreachsettlement.com/faq#q-23](https://www.equifaxbreachsettlement.com/faq#q-23)

~~~
jammygit
That can’t be legally binding

~~~
kube-system
It appears that rule 23 of the Federal Rules of Civil Procedure binds even
unnamed parties of a class action suit, unless they exclude themselves from an
eligible suit.

[https://civilprocedure.uslegal.com/class-action/binding-
natu...](https://civilprocedure.uslegal.com/class-action/binding-nature-of-
class-actions/)

------
aaronmid
[https://www.ftc.gov/enforcement/cases-
proceedings/refunds/eq...](https://www.ftc.gov/enforcement/cases-
proceedings/refunds/equifax-data-breach-settlement)

It's mentioned in the FTC site.

------
jbredeche
If this breach affected 147M people (which is what I can find from various
articles), and $700M was set aside (before attorney fees), and most claims
will be $125, that's only ~4M people who will get $125.

Are they expecting very few people to file claims? Or what am I missing?

~~~
TallGuyShort
It sounds to me like they'll give you free credit monitoring, UNLESS YOU
ALREADY HAD CREDIT MONITORING, then they'll give you $125. Most people don't
have credit monitoring, I think. Personally, I've found the free credit
monitoring that they gave me pretty useless. I get an email regularly telling
me my score changed. I have to go log in and find out I went up 2 points
because of an algorithm change. Thanks for looking out, Equifax! Then I go to
a dealer and they pull my credit and it's dramatically higher than what
Equifax has been telling me. The whole system seems silly to me.

~~~
krastanov
It is either-or, not both. If you want the money you have to promise you have
credit monitoring from somewhere else. Credit Karma (for example) counts as
free credit monitoring and you can easily make an account before making the
claim. Many credit cards come with monitoring too.

~~~
markholmes
I believe NerdWallet counts as well.

------
lr
They can keep the $125 (although, I wish I could direct it to a charity). I
don't want to submit all of this information to an entity who's data security
is probably worse (hard to believe) than Equifax!

~~~
ModernMech
I'm sure they have it all already.

~~~
astura
Of course they do, they have to verify you're a member of the class.

------
discreditable
It's turbo BS that you're not entitled to cash payout unless you already have
a credit monitoring service.

~~~
powerset
I wonder what counts as a credit monitoring service. Can I choose what service
I use? ...Can I monitor it myself?

~~~
floatingatoll
There are two reasonable answers, ignoring whatever is specified in the
legalese which of course takes precedence:

1) It must be a third party service that you have entered into a business
arrangement with, where the arrangement in clear and specific terms provides
you with credit monitoring.

2) It must hold up in a court of law if challenged.

That second one is the anti-loophole provision of law, and protects against
the kind of loopholes people try to find to get around the clear intent of the
requirement.

You can choose to use any service that would hold up in a court of law. There
are no clear answers on whether "any" service would. Time established,
diversity of customers, active or inactive business, frequency of credit
report inspection; all could be factors in a judicial evaluation of whether
you complied with the terms or not. Capital One? Yes, they plausibly do offer
credit monitoring as a service. Joe Bloe's Credit Woes? Entirely possible, if
they've been around a while and can demonstrate that they pull credit reports
on a regular basis and audit them in some manner.

Can you monitor it yourself? Only if you already operate a credit monitoring
business. Otherwise, it'll fail the plausible test, and you lose your $125 +
lawyer fees + risk angering a judge.

------
toomuchtodo
Reddit thread with detailed information on claim submittal [1].

[1]
[https://www.reddit.com/r/personalfinance/comments/ch9tcj/cla...](https://www.reddit.com/r/personalfinance/comments/ch9tcj/claims_are_now_being_accepted_for_the_2017/)

------
lkrubner
I'm feeling a bit cynical, and I wonder if this will bring real changes? I
happen to have a good friend at ReliaQuest, so I know that, after the data
theft, Equifax hired ReliaQuest, and has slowly expanded that contract, giving
more and more responsibility to ReliaQuest. My friend is an awesome engineer
and ReliaQuest is a very good outfit, but still, I'm frustrated by the idea
that the CEO of Equifax can simply outsource security and then not think about
it any more. For companies that hold people's most sensitive data, I'd like
the top person to be obsessed with security 24 hours a day. I wrote about this
previously:

" _If a company handles people’s sensitive financial data, then I would like
the CEO to be the type of person who wakes up in the morning thinking about
security, goes to sleep at night thinking about security, and never has
security far from their mind during the day. So to hire a security company,
and then act as if security is a solved problem, is troubling. There are many
other ways for a company to be hacked. Social engineering is a danger, and
most company hacks are inside jobs. Hiring a firm such as ReliaQuest does not
protect you from having one of your own employees steal data and sell it to
the Russians. Protecting against internal attacks requires hard thinking by
the top leadership of the company. The job can not be outsourced._ "

[http://www.smashcompany.com/business/if-a-company-is-
serious...](http://www.smashcompany.com/business/if-a-company-is-serious-
about-security-then-who-in-the-company-is-serious-about-security)

~~~
trollied
No. A CEO runs every aspect of a business. While it might be a bad call
outsourcing everything, they obviously want expertise rather than having to
either rely on their current team that fucked up (which would be viewed as
negative), or take some time to hire new people. Hiring new people takes time
& isn’t reactionary. Everyone will want them to be seen to be doing something.
Hiring an external company is possibly the best short term thing they could
do.

------
hnruss
My anti-virus software flags the "File a Claim" page as a phishing site.

------
gouggoug
And to file a claim I have to submit all my personal information over again;
Oh the irony...

------
rednerrus
CreditKarma offers free credit monitoring.

------
non-prophet
I completed the request with specified damages from the breach. I recently
received a letter saying my claim was denied as I had "failed to mail the
documentation," however, there was no notice on the webform that I completed
that required mailing the documentation.

------
rdl
This is the first time I've seen cash vs. the useless credit monitoring as a
compensation offer.

~~~
caymanjim
You can only claim the $125 cash if you affirm that you're already paying for
credit monitoring. While I don't expect anyone to confirm your claim, you do
have to sign your name to a legal document stating as much. You can make
additional compensation claims if you suffered actual damage or spent time
dealing with the breach, but as I could not honestly claim such, I don't know
what that part of the process entails.

~~~
scottydelta
but this is stupid. Individuals keeping an eye on their credit history and
every change should be counted as credit monitoring.

------
OkGoDoIt
“Class Counsel will ask the Court to award them attorneys’ fees of up to
$77,500,000 and reimbursement for costs and expenses up to $3,000,000 to be
paid from the Consumer Restitution Fund.”

The lawyers are the real winner here.

------
eloff
What can Canadians do?

------
ausjke
what's lost? my SSN/name/address/phone? or what? what is exactly lost?

if SSN/birthdate/name is gone, then anyone can fake me online, apply credit
card under my name.

am I missing something? what was stolen from me?

so yes I can say I worried for 10+ hours and Equifax will pay me $250 no
questions asked, but this is not exactly what I want to have.

------
intrasight
Hmm - I had to disable uBlock Origin on that site in order to submit a claim.
Hate it when that happens.

~~~
sh-run
Do you have custom rules enabled? I'm running the default uBlock Origin
(version 1.18.6) on Firefox (60.8.0esr - company machine) and didn't have any
problems. uBlock reports that it blocked seven requests to four domains (ads-
twitter.com, bing.com, facebook.net and googletagmanager.com)

------
jmount
Just another way to submit your PII to a bound to be leaked repository.

------
Muuuchem
How do I know if I get something from this?

------
thedudeabides5
Is this spam on HN?

------
gesman
equifaxbreachsettlement.com Registered anonymously with GoDaddy for 1 year.

This is scam

~~~
zadkey
It is officially linked from the FTC.gov website.

[https://www.ftc.gov/enforcement/cases-
proceedings/refunds/eq...](https://www.ftc.gov/enforcement/cases-
proceedings/refunds/equifax-data-breach-settlement)

So I strongly doubt it is a scam.

~~~
groovybits
This is official, but remember what happened when we assumed that links from
official sources were official.

Healthy paranoia :)

