Equifax To Pay At Least $575M as Part of FTC Settlement (cnet.com) 58
Equifax has agreed to pay at least $575 million to the US Federal Trade Commission, the Consumer Financial Protection Bureau and all 50 states over its massive 2017 data breach. From a report: If that isn't enough to compensate people impacted by the breach, the credit reporting company could have to pay up to $700 million -- a figure we got hints about on Friday. The settlement includes $300 million for a fund providing affected consumers with credit monitoring services and for those who bought credit or identity monitoring services in the wake of the breach. If that doesn't cover the losses, Equifax will add up to $125 million to the fund. It's also agreed to pay $175 million to 48 states, the District of Columbia and Puerto Rico, as well as $100 million in civil penalties to the CFPB. Hackers stole the personal information -- including Social Security numbers and home addresses -- of nearly 148 million Americans from Equifax's servers in a data breach that ran from May and July 2017. A December 2018 House Oversight Committee report called the breach "entirely preventable," saying Equifax didn't take action to prevent it and wasn't prepared for the aftermath.
Whoopee shit (Score:4, Interesting)
My identity has been stolen so many times that I'll probably never be able to buy anything on credit again, unless I steal someone else's identity. How are the credit-raping agencies going to compensate me for that?
Re: (Score:2)
Re:Whoopee shit (Score:5, Interesting)
At this point everyone's info has been leaked quite a few times, so you're not any worse off than most.
One thing I'd recommend you do is place a "credit freeze" on your profile with the 3 major agencies. It doesn't allow any credit inquiries or applications without removing the freeze, which you need a code to do (I keep my codes printed in a fireproof box under my bed - they're not stored digitally by me anywhere). Removing those freezes is much more difficult without those codes to the point where thieves generally won't both and will move on to another identity.
Whenever I want to apply for new credit I just lift the freeze temporarily and then reapply it.
Eventually though this whole system is going to have to be overhauled. Having effectively everything tied to a 9 digit SSN number that you're supposed to be able to keep secret your entire life (while also requiring that you provide it to numerous people and agencies along the way) just isn't a sustainable solution.
Re: (Score:2)
You mean like the freeze that Experian put on my credit, the one that I did not request, the one that just tanked a mortgage application because they won't let me unfreeze it without jumping through a variety of hoops (one being mailing enough personal information that anyone who go their hands on it would be able to access any of my accounts)
Weird.
I just unfroze my Experian freeze and it wasn't that big of a deal.
The usual entering of personal info then a series of questions about financial history that only I should know the answers to.
Re: (Score:2, Insightful)
Re: (Score:2)
Of course they have to store a copy on the provider's end, however the point is that no one can get my codes by hacking ME (and as such, conveniently finding all 3 in one place). If they hack one of the "big 3" they can get their copy of the code, however that's only going to be able to unfreeze 1 credit report. Typically a lender is going to need to pull all three (and they usually use the middle score as the "official" one). So unless the hackers manage to hack all 3 major agencies, they're unlikely to
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
They're shelling out $3.83 to compensate you, which is probably more than your identity is worth if it's been stolen as many times as you claim.
market cap is $16B (Score:5, Insightful)
Re:market cap is $16B (Score:5, Interesting)
Re:market cap is $16B (Score:4, Insightful)
I would settle for the entire C-level execs and board in lieu of the company. Since they are representing the larger company as a whole, hard labor should be brought back for these individuals.
Re: (Score:2)
10% of the company is irrelevant. They should be liable for the full extent of the harm they have caused. Instead, they are being rewarded. People now need to sign up for credit reporting agencies---and who profits from that? Also, what gives them the right to silo these large amounts personally identifiable information without your consent? These companies should be eradicated completely and the credit companies (which started the mess) should be fined---for the full extent of the harm they have caused
Re: (Score:2)
Yeah.. way too little. Hm.
I wonder if we will be able to opt out of the settlement and pursue a maximum award against Equifax in small claims...
Re: (Score:3)
When my identity was stolen and used to open a Capital One card, Capital One didn't notice any red flags (getting my mother's maiden name wrong on the application, immediate change of address to another state, a woman claiming to represent "me" calling asking for a cash advance before card activation, etc). Thanks to a quirk, the ID thieves' rush delivery was processed before the change of address and the card came to me. When confronted, they first insisted that my wife likely opened it without telling me.
Nice to know (Score:4, Informative)
Your identity is apparently worth somewhere between $3.89 and $4.73.
Also, fucking 150 million people has roughly the same penalty as making your cell phone look too much like another company's cell phone.
Re: (Score:2)
That's about right. Your identity is worth much less than you think.
On the black market, you can get a full profile with SSN for $1. For $5 you can have a valid credit card number with CCV. For $30 you can have the full profile with the credit card number and bank information.
So $3.89 to $4.73 per person for the equifax data seems to be in the correct order of magnitude.
Top management is ignorant about technology. (Score:3)
Most people in top management positions are almost completely ignorant about computer technology, and don't want to educate themselves, in my experience.
Re: (Score:3)
Most people in top management positions are almost completely ignorant about computer technology, and don't want to educate themselves
Given the potential repercussions of not caring, why should they care?
Comment removed (Score:3)
Re: (Score:1)
Re: (Score:2)
Would you like to guess who runs that largest provider of background checks in Australia... as hint, it starts with "equi" and ends with "fax".
Australia is the 51st US state after all.
Still not a solution (Score:2)
Credit monitoring? So I'm supposed to watch an app to see what they're saying about me? How about requiring them to send me a letter every time they tell someone something about me, instead of gossiping behind my back? Then I'd not only know that there was nefarious "identity theft" activity going on, but I'd also be able to dispute the facts about me that they have wrong.
Too bad it isn't a fair settlement (Score:1)
Equifax charges around $16 per month to get your credit report. They're saying our personal history is actually only worth a flat fee of $3. Something here doesn't compute.
Let's add something onto the credit monitoring. Let them pay for it for the rest of the lives of the impacted unwilling 'customers'. And then they can also pay $400 per person (the equivalent of 24 months of subscribing to their 'service') to everyone impacted by the breach. That comes out to about 59 billion dollars. Sounds reasonable to
The matter is not "settled"... (Score:1)