
Equifax doesn't want consumers to get their $125 - CaliforniaKarl
https://www.nytimes.com/2019/09/16/opinion/equifax-settlement.html
======
ScoJoh
Don't know if anyone posted this before, but if you scroll down to #25 here:
[https://www.equifaxbreachsettlement.com/faq](https://www.equifaxbreachsettlement.com/faq)

You can send a letter to the Courts and let them know why you do or don't
think this is a sufficient and decent settlement.

Share it, let's get people writing in, because this lets Equifax keep really
everything and in the end little real effect from their failure to take care
of the information they were entrusted with.

~~~
camhenlin
Thanks for posting this. My wife and I already have credit monitoring so we’ve
been very frustrated that it seems like Equifax will be weaseling out of
paying us our $125 each. We’ll be sending a couple of letters today.
Personally I’d like to see the courts rethink the settlement and force the
$125 payout to everyone who requested it.

~~~
thedanbob
I'd like to see the courts force Equifax to pay $X to _everyone_ whose
information they leaked, whether they request it or not. But this settlement
doesn't seem to be about actually punishing Equifax at all or fairly
recompensing those affected.

~~~
the_watcher
This is a very, very imperfect method of figuring out the key question here
("Would Equifax just file for bankruptcy?"), but their enterprise value is
~$20B, and paying out $125 per person would cost over $18B, so it seems pretty
clear you'd need to reduce the per person payout. It would take more work than
I can put in right now to decide what it should be, but _finger in the wind_
halving it seems like the right starting point.

~~~
bdamm
Bankruptcy seems quite appropriate. They not only failed to maintain the
security of the data, they also provided no identity theft protection to the
public (unless you _asked_ for it), and as a company appeared to have no plan
for this event. Given that they were entrusted with the identity data for
basically all Americans, that is inexcusable.

~~~
ptero
> Bankruptcy seems quite appropriate.

Hmm... Would not they just file for a Chapter 11 bankruptcy, restructure their
debts (i.e., write those pesky $125 payments off), then emerge in a better
shape than they were?

~~~
mffnbs
(i.e., write those pesky $125 payments off)

What does that mean? As far as I know, you can't just announce that you're
"writing off" debts and have them magically disappear.

~~~
posterboy
You sell the company at a low price to a friend and pay out the low sum to the
plaintiffs. This would need approval under chapter 11, I guess, and if you
sell the company it includes the debt, so they'd have to be tricky about it
and just sell the meat or the milk, not the whole cow. Ironically, this
invariably means selling the customer data (but also existing contracts and
what not). IANAL

~~~
nradov
The bankruptcy judge and trustee wouldn't approve an asset sale at
significantly less than fair market value.

------
cwkoss
If anyone is getting a mortgage or refinancing soon, ask your lender to 'drop'
equifax without running your score with them - just take the score from the
other two. Equifax is an unnecessary security and privacy risk.

They are a horrible company that needs to go out of business. Make their
customers feel embarrassed to be doing business with them.

~~~
TheSoftwareGuy
Do we really know for sure that the other bureau's are really any better, and
not just lucky at this point?

~~~
beepboopbeep
I swear this is the motto of hacker news. "Everything sucks and you're wasting
your time trying to change it" \- HN

~~~
criley2
Not just hacker news, it's pervasive in any community where people who value
intelligence meet. It's because cynicism is a lazy shortcut to a 'smart
opinion'.

How do we sound smart with zero effort? Well we don't want to be gullible
(everything is good and fair!) so we do the opposite (everything is corrupt
and bad!).

I really wish it were more than that.

~~~
benj111
So what you're saying is, everyone says something is black (or white to appear
smart), so therefore to appear actually smart, I should say everything is a
shade of grey?

~~~
AtHeartEngineer
Everything is a shade of grey Seriously though, most of the time it actually
is, and it's almost always more complex than we realize.

Saying something like "Amazon is good" well, that's an opinion, definitely
grey. Saying "This is exactly 1 inch", well, it probably isn't and the more
you care about it's accuracy, the harder it is to measure. Most things are
like that. Clear cut at first, and increasingly more difficult the more
precise you go. The devil is in the details.

So, yes, if the only options are black and white, the answers are generally
easy, you've got a 50% chance of being wrong. As soon as you blur the line,
you're basically wrong all the time. The goal is to be less wrong, and to
improve, make progress.

------
exabrial
Everyone needs to realize that the whole "fine" was just an inside deal. Who
do you think provides credit monitoring services? That's right, credit
bureaus. That's why the they're pushing everyone to take the "free credit
monitoring", so they recover the loss from the fine.

If they were to pay all 140 million people $125, the sum would be $17b or so,
which is an appropriate fine.

~~~
amalcon
It's doubly painful, because the "free credit monitoring" on offer is provided
_by Equifax_ \-- the exact company whose competence we don't trust anymore.
The compensation for being affected by Equifax's security failure is a gratis
security offering from that same company. For crying out loud, they could have
at least paid Experian or TransUnion to do the monitoring: while they are just
as shady, we don't have immediate evidence of their security incompetence.

It's like if you purchased a product that exploded, injuring you, but somehow
the manufacturer was permitted to compensate you by giving you other products
they manufacture. Why would you want those products? How do you know they
won't also explode?

~~~
dwild
> It's doubly painful, because the "free credit monitoring" on offer is
> provided by Equifax -- the exact company whose competence we don't trust
> anymore.

The free credit monitoring is provided by Experian, not Equifax. [1]

[1]
[https://www.equifaxbreachsettlement.com/](https://www.equifaxbreachsettlement.com/)

~~~
amalcon
Oh neat, I must have glossed over that part. Egg on my face then. It's still
not great, but significantly better than I thought it was.

------
argd678
It seems like companies only get the message when there’s jail time involved.
None of the companies would freeze my credit since their web sites said some
unspecified value couldn’t be verified for me, despite confirming my data was
indeed lost. Pretty sure, like other regulations that include jail time, this
wouldn’t have happened or their website to freeze my credit would have worked.

~~~
socalnate1
Why is Hacker news so obsessed with sending people to jail? Literally every
time any sort of corporation get's fined (for nearly anything), there is a
loud call to send people to prison.

It's like there is this undercurrent of bloodthirstiness and hatred for large
companies and their leaders that get's brought to the surface.

~~~
FireBeyond
Because many times, the default "punishment" is a fine that is often times a
_small percentage_ of the _profit_ from the illegal/negligent act.

That is not a punishment, or even a deterrent. And therefore, corporate
leaders continue, unabated, doing things like this. Because there is
effectively zero incentive to do so.

If you are a corporate officer, directing and / or approving policies that are
illegal, tell me why you should -not- go to prison?

~~~
tathougies
> If you are a corporate officer, directing and / or approving policies that
> are illegal, tell me why you should -not- go to prison?

You should and the law allows for this. Certain crimes will get corporate
executives locked up. It's a matter of making stricter liabilities and
sentences for these white collar crimes, which really should have happened
yesterday.

~~~
FireBeyond
I absolutely agree. I was addressing the parent, more - and their question of
"why does HN have this obsession with sending people to prison for
corporate/white collar crimes?"

------
phyzome
Are we "consumers" now, rather than "victims" or "citizens"? Are we defined by
what we buy?

~~~
msla
> Are we "consumers" now, rather than "victims" or "citizens"?

Are you a child, a parent, a sibling, or a citizen?

Or are you all of those things depending on context?

I get what you're saying, but you chose a way of expressing it which invites
immediate response.

~~~
atwebb
They were saying that in this context it should say victims.

Saying consumers changes the way it is read.

Following your logic try this one:

Equifax doesn't want children to get their $125

It reads differently.

------
rundmc
In an ideal world, a white-hat would write a script that uses all of the
hacked data to apply for the settlement on behalf of the hacked users so that
the affected users don't have to individually work out how to hack Equifax's
claims process.

~~~
amelius
In an ideal world, a government agency would fine Equifax the full amount, and
customers could claim their money from them instead.

~~~
crispyambulance
Or better, liquidate Equifax entirely to demonstrate that there are
consequences that a fancy law firm can't mitigate.

I realize that's wishful thinking. Of course they're going to get away with
paying what is effectively a parking ticket. Nor will any of their executives
face any meaningful repercussions.

~~~
dawnerd
Courts would also have to bar current board members and maybe even investors
from founding another credit agency. Not good enough to kill the company,
gotta make sure it doesn’t come back.

------
mnm1
I have credit monitoring but signed up for it from this settlement anyway. I
doubt anyone will see anymore than a couple of bucks from this. It's a scam
and they got away with it. That's what happens when your government cares more
about corporate profits than people. None of the things here will do anything
to change that short of pursuing your own case against them which will
definitely cost more than $125, not to mention time and effort. The bad guys
just won. As usual.

------
projektfu
Equifax cannot afford to pay $125 to each member of the potential class. It's
way above their revenue, let alone profit. So they would go bankrupt and
whatever cash is on hand would be divvied up. The credit information would
presumably be sold to the highest bidder.

How about the FTC instead agrees that identities cannot be stolen and puts
companies on the hook for the money they lose by not verifying identity. You
have an account with a bank and they give the money to a fraudster? Well, then
they have to credit your account and go looking for the money. Someone opens a
loan in your name? The company has to pay you for the time spent removing
their garbage from the credit report and they have to go get the money back
from the fraudster. Why not just remove the bite from identity theft?

~~~
pimmen
> Equifax cannot afford to pay $125 to each member of the potential class.

That’s not the victims’ problem. Even if Equifax has to be completely
liquidated to cover the compensation, the government should fight to make an
example of such a terrible company and give the victims some sense of justice.
Hopefully the board and the executives would rethink their lives and careers,
maybe even change.

~~~
scarejunba
It becomes the victims' problem when Equifax declares bankruptcy and escapes
paying.

~~~
yardie
The upside is their competitors sees what happens to that guy and never make
the same mistake.

A company the size of Equifax going bust due to negligence would show
Experian, Lexis-Nexis, and Transunion that these records aren't assets but
large liabilities to be handled with extreme diligence.

------
auiya
This whole process is a joke. I went and dug up my claim number, entered it
into the site to amend, and the site just dies and doesn't allow me to proceed
any further. If they had my contact info to begin with, just cut me a check
and skip the shenanigans.

~~~
boopk
do you have a link? I can't find it. This same thing was happening to me when
I first got the email

~~~
deadmik3
I just did it and it worked fine. followed the link from my email.

------
ummonk
I'm definitely going to write a letter objecting to the settlement, and will
urge everyone I know to do so as well.

~~~
koboll
To what? The Trump-controlled FTC? The castrated CFPB that now spends its time
promoting a partnership with the most medieval red states called the
"Financial Innovation Network" ([https://www.consumerfinance.gov/about-
us/newsroom/bureau-sta...](https://www.consumerfinance.gov/about-
us/newsroom/bureau-state-regulators-launch-american-consumer-financial-
innovation-network/))? Where do you think that's going to get you?

~~~
hyperbovine
To the court. RTFA please.

------
harryh
The title of this post (which, admittedly, was taken from the NYTimes) isn't
really correct.

The terms of the settlement have been set. Equifax's financial outlay is
fixed. All of the post settlement divvying up of the funds is being
administered by the government bodies who negotiated the settlement, not
Equifax.

Equifax's desires about how the money gets divvied up at this point are
irrelevant.

~~~
aloknnikhil
You're right. The title is not very accurate.

The text from the Equifax Settlement Administrator

> Your Equifax Claim: You Must Act by October 15, 2019 or Your Claim for
> Alternative Compensation Will Be Denied. The amount you receive in
> connection with your alternative compensation claim may be significantly
> reduced depending on how many valid claims are ultimately submitted by other
> class members for this relief. Based on the number of potentially valid
> claims that have been submitted to date, payments of these benefits likely
> will be substantially lowered and will be distributed on a proportional
> basis if the settlement becomes final. Depending on the number of valid
> claims that are filed, the amount you receive for alternative compensation
> may be a small percentage of your initial claim.

That text was just them fear mongering. Even the FTC urged to opt for the
credit monitoring instead through more fear inducing statements.

> You can still choose the cash option on the claim form, but you will be
> disappointed with the amount you receive and you won’t get the free credit
> monitoring.

> [https://www.ftc.gov/enforcement/cases-
> proceedings/refunds/eq...](https://www.ftc.gov/enforcement/cases-
> proceedings/refunds/equifax-data-breach-settlement)

But, if this is how the whole process is "administered", then I guess you
might as well not have any hopes of seeing the compensation.

EDIT: Corrected to identify the authority of the email correctly.

~~~
harryh
Equifax didn't send you that email. If you read further down in the e-mail it
even says "This email is from the Court-appointed settlement administrator,
not Equifax."

~~~
aloknnikhil
Fair enough. That just makes the whole thing even worse. There's basically no
hope in receiving the compensation anymore.

~~~
harryh
The vast majority of the settlement is designated for people who experience
actual harm (identity theft of some kind basically) from the breach.

It's perfectly reasonable that people who's lives haven't been negatively
impacted in any real way don't receive anything more than a token payment.

~~~
aloknnikhil
The alternative compensations was set at $31 million. And the cash
compensations per person caps out at $20,000. If we start with this cap, the
settlement was supposed to benefit only 1,550 individuals out of the 148
million records that were breached. Even if you assume just $125 per person,
that number only benefits 248,000. So the number of people benefiting from
this range between 1,550 and 248,000, if the original settlement claims were
to be upheld. Instead, every claimant is now being asked to get credit
monitoring from the same company that couldn't secure the records. To be fair,
the FTC does suggest getting an alternative from Experian, but only in the
FAQ.

~~~
harryh
The 31 million is for the people that haven't experienced any identity theft.
This is the money being split up by all the people making $125 claims.

The total pool to pay out claims to consumer is 425 million. Subtracting the
31M that leaves 394 million for people who experience real harm. The $20,000
cap per person is for people drawing money from this pool.

~~~
aloknnikhil
Um, the FTC says otherwise.

> For consumers impacted by the Equifax breach, today’s settlement will make
> available up to $425 million for time and money they spent to protect
> themselves from potential threats of identity theft or addressing incidents
> of identity theft as a result of the breach.

[https://www.ftc.gov/news-events/press-
releases/2019/07/equif...](https://www.ftc.gov/news-events/press-
releases/2019/07/equifax-pay-575-million-part-settlement-ftc-cfpb-states-
related)

That consumer fund of $425 million was "supposed" to also cover protection
from any potential incidents of identity theft. So, let's go with this pool
then. Assuming there are 21,250 valid claims qualifying for the cap, is the
settlement complete? There's no one left to compensate? I'd say clearly not.
Are you willing to bet that only 0.01% of the breached credentials were
misused? How did they even arrive at this number? Let's say we assume, it
really is a number lower than that. With whatever's left, I'd be willing to
bet, a significant number would not trust Equifax with monitoring anymore.
Perhaps they even bought credit monitoring as a reaction to the breach. How do
you compensate that? Which ever way you want to slice this, it's clearly
insufficient.

~~~
harryh
That FTC statement says exactly what I said:

There is a 425 million pool. It's to be used for:

1) "time and money they spent to protect themselves from potential threats of
identity theft" (the 31 million part)

OR

2) "addressing incidents of identity theft as a result of the breach" (the 394
million part)

And yes, at some point both pools can be exhausted at which case there will be
no more money for future claims. That's how a settlement works. Since there
have currently been exactly 0 incidents of identity theft as a result of the
breach it might not be so far fetched to say that there will be plenty of
money in the pool to cover any incidents.

~~~
aloknnikhil
Your original comment, before you edited it, did not call that out. You
specified the 425 million as only for people affected by the breach. And
that's not what it was for. Anyhow, how do you know there have been exactly 0
incidents? Where do you even begin to trace any incident back to this breach
as the cause? Claiming it as non-existent is a bit naive. The damage has been
done. Your information is out there. Again, slice it anyway you want. Let's
assume NO ONE has been ACTUALLY impacted. Let's go with identify theft
protection. As a consumer, I don't trust Equifax anymore. Since they
mishandled my data, it's perfectly valid for me to reject them and opt for
another monitoring service I trust, which let's say I have to pay for. I am in
the situation covering my bases because of Equifax. So, I expect them to
compensate me for this service. Oh wait, there's no money left. Use our credit
monitoring service or get wrecked. And this is ok? So, based on your
statement, we're literally relying on a vast majority of people either opting
for the credit monitoring from Equifax or not claiming any damages for the
rest to receive any compensation? If that's OK, then I guess I'll stop
engaging here.

~~~
harryh
There are numerous credit monitoring services you can use for free. There is
no need for you to get any money to use one.

I personally like CreditKarma.com

~~~
aloknnikhil
It's not about you though. People have choices. They don't trust a free
service, because you more often than not end up being the product. Again, not
claiming Credit Karma sells your data (on the contrary the CEO claims it's
only for selling ads based on your credit report)

[https://www.reddit.com/r/IAmA/comments/2qq95l/i_am_the_found...](https://www.reddit.com/r/IAmA/comments/2qq95l/i_am_the_founder_of_credit_karma_ask_me_anything/?utm_source=amp&utm_medium=&utm_content=post_body)

But it's my choice as a consumer. Do you make all of your choices with only
cost as the factor? Probably not. Or at least not when it comes to security.
So, people will have their preferences. But apparently not, if you're party to
this settlement.

------
ptyyy
I chose the cash option because I have credit monitoring through 2025 from the
OPM breach of my SF-86 (security clearance application information) years ago.
This is so idiotic. The FTC did consumers no favors in negotiating such an
absolutely pitiful settlement.

------
DATACOMMANDER
This is the sort of thing that millennials should focus our energy on. We may
be politically polarized, but I think we can all agree that this is bullshit
and needs to be fought.

------
tracer4201
Is Equifax actually liable or responsible for anything? No jail time or other
penalties for executives. Okay so how are they held accountable?

~~~
ummonk
Jail time for executives seems a little excessive for some employee merely
failing to apply a security patch...

On the other hand, this settlement shouldn't have been capped at such a
ridiculously low amount.

~~~
pimmen
They made the conscious decision to monetize personal data belonging to more
than a hundred million people. That means they should take every measure
available to make sure something that sensitive is not released.

If this was the US Airforce who lost an armed nuclear ICBM the commanding
officer who was ok with this ”whoopsie” would have to explain him or herself
to quite a few officials.

~~~
jimhefferon
> They made the conscious decision to monetize personal data belonging to more
> than a hundred million people. That means they should take every measure
> available

I disagree. I think it means they owe a hundred million people (a) an offer to
opt-in to their service and (b) a share of their profits for doing so.

~~~
pimmen
Yeah, I agree with that. Basically we want to use a and b as incentives for
them to take every measure available not to fail like this ever again. And as
incentives for everyone else in the business.

------
the_watcher
Something I've wondered always wondered when reading through class actions: do
multiple class actions suits over the same set of facts ever happen? Are they
possible?

It seems _technically_ possible: Class action settlement reached, somehow a
huge portion of the impacted class opts out of the settlement (extremely
unlikely, but possible). Opted out class members somehow organize a subsequent
action.

Is the above possible? By opting out, you explicitly keep your own individual
right to bring action against the defendant, but does it bar class action
participation? There's a moral hazard argument that allowing this would create
a perverse incentive on the part of the class legal representation to
encourage class members to opt out of the settlement and organize subsequent
actions.

~~~
takeda
I am not a lawyer, but to me if you signed up for class action, and you agreed
that the $125 check supposed to be the payment for your damages and the other
party backed off and did not provide it that means the agreement shouldn't be
valid.

~~~
the_watcher
Disclaimer: IANAL (but did go to law school and vaguely paid attention to this
part so lawyers, please correct my recollections where wrong)

My recollection is that, usually, only a small number of people actively sign
up to the class during the lawsuit & settlement negotiation phase, and the
named class is _guaranteed_ a substantially higher payout. The settlement is
worded as _up to_ $X for the rest of the class, who can choose to accept the
fact that the amount is not a guarantee or decline and keep their ability to
bring a subsequent action (hence my original question of "Can you bring
subsequent class action suits comprised of different subsets of the same
impacted class?").

So basically, the people who actively signed up are getting a guarantee of an
amount they negotiated, the rest of us are stuck deciding how valuable "up to"
$125 actually is.

------
zer0faith
We really need accountability for stake holders who discount security concerns
because some cool widget "adds value" and everyone else is doing it.

Honestly.. send these people to jail make an example out of them.. hopefully
people will think twice.

------
CaliforniaKarl
[http://archive.is/HWdcR](http://archive.is/HWdcR)

------
tlrobinson
Question not specifically related to the settlement:

Shouldn't this breach of nearly half of all Americans' social security numbers
be the nail in the coffin of pretending SSNs are a secret that can be used to
verify your identity?

------
icedchai
We're all going to wind up with closer to $1.25. Wow. Thanks for the bean
burrito.

------
CaliforniaKarl
tl;dr: For those who applied for the $125 payout option in the Equifax data
breach settlement, you should've gotten an email requiring that you provide
more information by October 15, or that your claim would be denied.

The FTC confirms it's legit: [https://www.ftc.gov/enforcement/cases-
proceedings/refunds/eq...](https://www.ftc.gov/enforcement/cases-
proceedings/refunds/equifax-data-breach-settlement#FAQ4) (FAQ 4 item 2)

The article's author says Gmail filed it into the 'Promotions' folder.

~~~
ulkesh
I received no such email and I signed up fairly quickly for the $125. I've
checked my spam folder as well as everywhere else, they simply haven't sent me
such an email.

~~~
Fishkins
Neither did I. Does anyone know what to do in this case? I have my Equifax
claim code.

~~~
CaliforniaKarl
Go to the claim web site and choose to 'Modify/Amend Your Claim'. There should
be a place now for you to specify which credit-monitoring service you are
using.

------
ilaksh
It seems like we should sue Equifax for their fraudulent handling of the
settlement and also the FTC for letting it through. It seems like it was such
a joke that it was probably enabled by bribes or something.

They should start over and aim for explicitly liquidating and redistributing
all of Equifax's assets. At the same time if there were bribes or conflicts of
interest at the FTC then those people involved should go to prison.

------
negrit
Is there a way to know if I'm part of the class action settlement? IIRC I
refuse to take part of the lawsuit since I was planning on suing them in small
claim court.

------
narcos
Equifax should go bankrupt and sell all its assets for paying the settlement.
Equifax has no value and it can only create troubles to people. It should not
exist.

------
MisterBastahrd
Equifax should have been flat out shut down and liquidated.

------
bradleyjg
Equifax wants global peace. Class lawyers and settlement administrators want a
big payday (in cash, not credit monitoring). The judge wants the case off his
docket.

No one represents the interests of the class. Class action lawsuits aren’t
designed to further the interests of the class. They are designed to encourage
ad hoc, profit driven, independent regulators.

Whether this is a good idea or not is a tough question (I lean towards no) but
if you aren’t clear on what the system is trying to do you will certainly find
it confusing and frustrating.

~~~
Bhilai
But why not do your job as a citizen and send a simple letter objecting to
this settlement -
[https://www.equifaxbreachsettlement.com/faq](https://www.equifaxbreachsettlement.com/faq)
Q#25

~~~
bradleyjg
I probably will. I have in the past. Judges don’t care.

------
Jabbles
Did the EU manage to extract anything for Europeans that were caught up in
this? I note that only US-residents are eligible for this $125.

------
simplecomplex
How do I start a credit reporting company?

------
nikolay
They should be sued out of existence!

------
consultSKI
Treble due!

------
hamilyon2
I don't understand it. Here is hn, where everyone knows that cybersecurity is
100% offence 0% defence. It is basically our job to secure systems and we all
agree it is pretty much impossible, unless you airgap every computer in
building and glue every USB port.

Then, knowing that, we blame equifax for data breach. Equifax is fat target
and it was matter of time data would be stolen.

~~~
mlrtime
HN definitely has a pitchfork mentality similar to other groups. It also leans
politically left. It's not as bad as reddit yet but it is slowly getting that
way (waiting for downvotes).

~~~
pas
What does political leaning has to do with IT sec?

~~~
probablyexists
It is a pretty common tactic on general topic websites lately. It is easier to
dismiss comments without actual reasoning if you assume they are from people
that don't align with your political views.

