Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security United States

Equifax To Pay At Least $575M as Part of FTC Settlement (cnet.com) 58

Equifax has agreed to pay at least $575 million to the US Federal Trade Commission, the Consumer Financial Protection Bureau and all 50 states over its massive 2017 data breach. From a report: If that isn't enough to compensate people impacted by the breach, the credit reporting company could have to pay up to $700 million -- a figure we got hints about on Friday. The settlement includes $300 million for a fund providing affected consumers with credit monitoring services and for those who bought credit or identity monitoring services in the wake of the breach. If that doesn't cover the losses, Equifax will add up to $125 million to the fund. It's also agreed to pay $175 million to 48 states, the District of Columbia and Puerto Rico, as well as $100 million in civil penalties to the CFPB. Hackers stole the personal information -- including Social Security numbers and home addresses -- of nearly 148 million Americans from Equifax's servers in a data breach that ran from May and July 2017. A December 2018 House Oversight Committee report called the breach "entirely preventable," saying Equifax didn't take action to prevent it and wasn't prepared for the aftermath.
This discussion has been archived. No new comments can be posted.

Equifax To Pay At Least $575M as Part of FTC Settlement

Comments Filter:
  • Whoopee shit (Score:4, Interesting)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Monday July 22, 2019 @09:48AM (#58965630) Homepage Journal

    My identity has been stolen so many times that I'll probably never be able to buy anything on credit again, unless I steal someone else's identity. How are the credit-raping agencies going to compensate me for that?

    • by mark-t ( 151149 )
      When your credit gets compromised through identity theft, it typically only adversely affects your credit rating temporarily.... like maybe a few weeks, at most. In my case, it was within a week.
    • Re:Whoopee shit (Score:5, Interesting)

      by MBGMorden ( 803437 ) on Monday July 22, 2019 @10:13AM (#58965758)

      At this point everyone's info has been leaked quite a few times, so you're not any worse off than most.

      One thing I'd recommend you do is place a "credit freeze" on your profile with the 3 major agencies. It doesn't allow any credit inquiries or applications without removing the freeze, which you need a code to do (I keep my codes printed in a fireproof box under my bed - they're not stored digitally by me anywhere). Removing those freezes is much more difficult without those codes to the point where thieves generally won't both and will move on to another identity.

      Whenever I want to apply for new credit I just lift the freeze temporarily and then reapply it.

      Eventually though this whole system is going to have to be overhauled. Having effectively everything tied to a 9 digit SSN number that you're supposed to be able to keep secret your entire life (while also requiring that you provide it to numerous people and agencies along the way) just isn't a sustainable solution.

      • Re: (Score:2, Insightful)

        Comment removed based on user account deletion
        • Of course they have to store a copy on the provider's end, however the point is that no one can get my codes by hacking ME (and as such, conveniently finding all 3 in one place). If they hack one of the "big 3" they can get their copy of the code, however that's only going to be able to unfreeze 1 credit report. Typically a lender is going to need to pull all three (and they usually use the middle score as the "official" one). So unless the hackers manage to hack all 3 major agencies, they're unlikely to

      • by RAHH ( 5900166 )
        Why the need to freeze credit though? If you have a fraudulent charge or application submitted don't they contact you already and also isn't there fail safes already in place for if someone uses your credit. Dispute charges etc.? Just seems to me a lot of hassle to freeze if you already review your statements and notifications from your credit holder. Usually if you see it and talk to them they can reverse it but this is obviously if you catch it though.
      • If the identity thief has enough information as you, they can still get around a freeze. They just call up the credit agency, and claim "you" lost the code to lift the freeze. The agency then then ask those stupid "I had a recent mortgage for $xxx,000" questions to confirm your identity. Unfortunately this is the very information which has often been leaked. And when the thief answers correctly, they lift the freeze thinking that it's you who requested it be lifted.
    • They're not even compensating you for what already happened. The money primarily goes to the FTC, with some to the states and other government bodies that want a piece of the action. This is seriously wrong.
    • They're shelling out $3.83 to compensate you, which is probably more than your identity is worth if it's been stolen as many times as you claim.

  • market cap is $16B (Score:5, Insightful)

    by nightcats ( 1114677 ) <(moc.liamg) (ta) (woemthgin)> on Monday July 22, 2019 @09:52AM (#58965648) Homepage Journal
    So this is little more than change under the sofa cushions. These corporations will continue to commit massive crimes as long as the punishments are wrist-slap light.
    • by Merk42 ( 1906718 ) on Monday July 22, 2019 @09:58AM (#58965678)
      Corporations are people? Fine, they can go to prison like people too.
    • by mysidia ( 191772 )

      Yeah.. way too little. Hm.
      I wonder if we will be able to opt out of the settlement and pursue a maximum award against Equifax in small claims...

    • When my identity was stolen and used to open a Capital One card, Capital One didn't notice any red flags (getting my mother's maiden name wrong on the application, immediate change of address to another state, a woman claiming to represent "me" calling asking for a cash advance before card activation, etc). Thanks to a quirk, the ID thieves' rush delivery was processed before the change of address and the card came to me. When confronted, they first insisted that my wife likely opened it without telling me.

  • Nice to know (Score:4, Informative)

    by pushing-robot ( 1037830 ) on Monday July 22, 2019 @10:10AM (#58965732)

    Your identity is apparently worth somewhere between $3.89 and $4.73.

    Also, fucking 150 million people has roughly the same penalty as making your cell phone look too much like another company's cell phone.

    • by GuB-42 ( 2483988 )

      That's about right. Your identity is worth much less than you think.
      On the black market, you can get a full profile with SSN for $1. For $5 you can have a valid credit card number with CCV. For $30 you can have the full profile with the credit card number and bank information.
      So $3.89 to $4.73 per person for the equifax data seems to be in the correct order of magnitude.

  • A December 2018 House Oversight Committee report called the breach "entirely preventable," saying Equifax didn't take action to prevent it and wasn't prepared for the aftermath.

    Most people in top management positions are almost completely ignorant about computer technology, and don't want to educate themselves, in my experience.

    • Most people in top management positions are almost completely ignorant about computer technology, and don't want to educate themselves

      Given the potential repercussions of not caring, why should they care?

  • by account_deleted ( 4530225 ) on Monday July 22, 2019 @10:16AM (#58965772)
    Comment removed based on user account deletion
    • So in Australia, credit ratings are pretty locked down as well (and applied to far fewer circumstances than in the US)... but nearly every major employer (including government agencies) now requires applicants to go through a background check (inc. police check) that requires you to submit copies of your driver's license, passport, and numerous other highly personal items. Would you like to guess who runs that largest provider of background checks in Australia... as hint, it starts with "equi" and ends wit
      • Would you like to guess who runs that largest provider of background checks in Australia... as hint, it starts with "equi" and ends with "fax".

        Australia is the 51st US state after all.

  • Credit monitoring? So I'm supposed to watch an app to see what they're saying about me? How about requiring them to send me a letter every time they tell someone something about me, instead of gossiping behind my back? Then I'd not only know that there was nefarious "identity theft" activity going on, but I'd also be able to dispute the facts about me that they have wrong.

  • Equifax charges around $16 per month to get your credit report. They're saying our personal history is actually only worth a flat fee of $3. Something here doesn't compute.

    Let's add something onto the credit monitoring. Let them pay for it for the rest of the lives of the impacted unwilling 'customers'. And then they can also pay $400 per person (the equivalent of 24 months of subscribing to their 'service') to everyone impacted by the breach. That comes out to about 59 billion dollars. Sounds reasonable to

  • In addition to the 700 million, I will require a new social security number, a new mother's maiden name, a new work history, a new residence history, a new birthdate, and my whole credit history set to factory default conditions. Then and only then will I consider this matter "settled".

It is not best to swap horses while crossing the river. -- Abraham Lincoln

Working...