At this point, you’ve probably heard of the $700 million settlement that Equifax reached with the Federal Trade Commission (FTC). The settlement stems from a 2017 data breach, where 147 million Americans had their sensitive data compromised. Out of the $700 million, $425 million will go toward compensating impacted consumers. However, there are many who justly feel that the credit agency got off with a slap on the wrist, which is the result of a lack of laws protecting data and privacy.
First, let’s take a look at what actually happened at Equifax to bring us to this point. According to reports, the swath of unauthorized data access occurred between May and July 2017. Hackers were able to get ahold of consumer data, including names, Social Security numbers, birthdays, addresses and driver’s license numbers; in some cases, passport information was also exploited. Additionally, hundreds of thousands of individuals had their credit card numbers and/or dispute documents with personal identifying information compromised. The breach was discovered on July 27, 2017 and was announced that September.
Earlier this week, a settlement was reached. During its investigation, the FTC accused the free credit bureau of failing to take the steps necessary to secure its network. The company has pledged $300 million to a fund that will provide impacted victims with credit monitoring services. If that proves inadequate, another $125 million will be added. On top of that, Equifax will be paying 48 states, the District of Columbia and Puerto Rico $175 million and another $100 million in civil penalties to the Consumer Financial Protection Bureau. In all, Equifax will dole out around $4 for every impacted consumer. In addition to that, Equifax has pledged to invest over $1 billion to improve its internal cybersecurity.
Despite all of that, it seems to be a common sentiment that Equifax is getting off too easy. There currently is no evidence that the information gleaned has been used for identity theft or was sold on the dark web, but that doesn’t mean that there’s no problem. In many instances, hackers will sit on sensitive information for years before using it. That being said, the full impact of the breach may not come to fruition for years to come.
“Years from now, there will be families who can’t get home loans, families stuck with crummy credit scores, and families battling fraudulent charges because their data was mishandled by Equifax,” said Senator Ben Sasse (R-Nebraska).
The Equifax breach also speaks to a broader issue. New policies need to be put in place to protect citizens’ data and privacy in the digital age. Equifax was called out for ignoring major vulnerabilities in its system, and the government’s hands are largely tied. One of the major reasons the settlement took two years to happen is because there was no clear way for the authorities to hold Equifax accountable.
Congressman and House Energy and Commerce Committee Chairman Frank Pallone Jr. (D- New Jersey) summed it up by saying, “[The settlement] shows that we need a comprehensive data privacy and security law to ensure companies are designing their systems to protect consumer privacy from the start, minimizing the personal information they keep, and are held appropriately accountable if they fail.”
Senior Vice President of consumer group Public Knowledge, Harold Feld, supported this line of thinking, saying, “If we had the comprehensive privacy statute … the authorities would be clear, we’d have a clear way to proceed and then we wouldn’t have an extensive negotiation to try to figure out what sort of remedies the agencies could impose.”
The FTC itself could also use an overhaul when it comes to these matters. The government of the United Kingdom has 500 employees overseeing consumer internet privacy and data security. In comparison, the FTC has a team of only 40 full-time employees working in that capacity. FTC officials are on record saying that the body needs the power to impose civil penalties. FTC Chairman Joseph Simons pressed Congress to pass data privacy legislation, which would give the FTC the authority to penalize companies for their first offense.
“I think we could create a lot more deterrence if we got civil penalty authority, and that is what we are asking for,” he said.
This security breach at Equifax has impacted more than half of the adults in the United States, so there’s a good chance you’re in that number. To find out, visit the settlement eligibility checker and fill in your last name and the last six digits of your social security number. If you have been impacted, you will be given prompts to file a claim. The site states, "You can receive free, three-bureau credit monitoring at all three national credit reporting agencies (Equifax, Experian, and TransUnion). Experian will provide this service for at least four years. You can also enroll in free, single-bureau credit monitoring of your Equifax credit file, provided by Equifax, for up to six years after the Experian service ends."
If you already have a credit monitoring service, you could qualify for a cash payout. If you enlisted a credit monitoring service (that will be in place for the next six months) or froze your files as a result of the breach, you can claim $125. If you spent more time and energy on protecting your data, you could be eligible for up to $20,000, depending on what you did. Just be ready to prove actual losses as a victim of identity theft with proper documentation showing how much of a loss you took. If you spent less than ten hours cleaning up your record, you could receive up to $25 per hour for your troubles.
The most important thing to do is to get some sort of credit monitoring to keep track of activity with your information. With more advancements in technology, hackers are getting better equipped to snatch your information every day, and identity theft is a growing concern. Take the steps you need to protect yourself.