By Eva Velasquez, CEO & President of Identity Theft Resource Center
The Equifax data breach of 2017, exposed the personal identifying information of over 148 million Americans. One Hundred Forty-Eight Million. To not be affected by, or know someone affected by the breach was nearly impossible. The data exposed was some of the most personal, like Social Security numbers, full credit histories, financial account information and names and addresses. The breach had a strong negative impact and broke consumers’ trust. Equifax – one of the three main credit reporting agencies (CRAs) – was widely regarded as a dependable company and a necessity to work with to be able to secure lines of credit. Americans gave them personal information in exchange for a necessary service, and Equifax failed to protect them.
Now, an Equifax data breach settlement has been reached in the case of the 2017 incident. The credit reporting agency will pay up to $700 million, the largest breach settlement to date. The funds will be split between paying civil penalties and compensating victims. While a large amount of dollars dedicated to Equifax’s efforts to correct their wrongs can be seen as a good thing, the way these dollars will be dispersed among the effected population is relatively unclear.
At least $300 million and up to $425 million of the settlement will go toward victim redress. This includes providing free credit monitoring, reimbursing victims who paid out of pocket to protect or recover their identity and offering identity recovery services. However, the weight will still be placed on the consumers. Victims will have to file a claim, a process that still has not been disclosed, to receive any of the compensation pool. For now, the Federal Trade Commission is recommending that victims save all physical evidence of efforts to secure their identity because of the Equifax data breach and sign up for email updates. Putting the burden of proof on the consumer, not the company responsible for the breach.
Many questions remain: What victims will qualify for reimbursement? How will victims provide accurate evidence of their efforts and misfortunes? Is this fund only for victims who purchased identity theft services? What is the option for victims who did not have the resources then or now to purchase paid services or avail themselves of free services like those Identity Theft Resource Center provides?
If all victims filed claims and funds were distributed equally to all 148 million people, each would receive fewer than $3.00 in funds or cost of assistance. This does not accurately reflect the true value of the data that was compromised. Additionally, while the free credit monitoring services offered can span up to 10 years – a large increase from the historical settlement of 1-2 years – identity theft has no expiration date. The threat of identity theft does not decrease as more time passes from the date of the breach. The victims are perhaps more vulnerable as time goes on and they become less diligent in reviewing potentially affected accounts. Personal identifying information can be used to commit identity theft or fraud no matter the date it was exposed. There is no timeline for identity theft, but there is a cap on how many years Equifax will provide free services to victims per the settlement.
The other $275 million of the settlement will be used to pay civil penalties – $175 million to 48 states, Washington D.C. and Puerto Rico and $100 million to the Consumer Financial Protection Bureau. We believe the best use of these dollars would be funding consumer assistance programs within these organizations to continue to help victims of this and other data breaches.
In addition to the monetary payout, the settlement also requires Equifax to comply with more rigorous security standards. While this is not as flashy as a large dollar amount, it is perhaps even more important. It is the industry saying we need to hold our companies more accountable for the privacy of consumers. These standards include regular audits, dedicated staff for security and third-party safeguards. While a step in the right direction, companies must remember the speed of which the industry changes. The best security standards by today’s measures might be the worst a year from now. We must continue to petition businesses to protect consumer privacy and urge consumers to take the necessary precautions to minimize their risk of identity theft and fraud.
If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us.
If you are a member of the media and would like to contact ITRC regarding the Equifax breach, please email firstname.lastname@example.org.
You might also like…