Nearly two years after credit monitoring company Equifax announced that a “Cybersecurity Incident” had exposed personal information of 147 million Americans, it will pay at least $575 million, and potentially up to $700 million, to end a federal, state, and consumer claims against it. If the proposed settlement receives federal district court approval (as expected), it would be the largest ever for a data breach.
As part of the proposed settlement, Equifax will establish a $300 million fund (which could rise to $425 million if the initial payment is not enough to compensate consumers for their losses) that would provide affected consumers with three basic mechanisms of relief:
1. Free Credit Monitoring or $125 Cash Payment. At least 4 years of three-bureau credit monitoring, offered through Experian. You can also get up to 6 more years of free one-bureau credit monitoring through Equifax. If you already have credit monitoring services, that will continue for at least 6 more months, and you may be eligible for a cash payment of $125.
2. Other Cash Payments. You may also be eligible for the following cash payments up to $20,000 for:
Time spent remedying fraud, identity theft, or other misuse of your personal information caused by the data breach, or purchasing credit monitoring or freezing credit reports, up to 20 total hours at $25 per hour.
Out-of-pocket losses resulting from the data breach.
Up to 25 percent of the cost of Equifax credit or identity monitoring products you paid for in the year before the data breach announcement.
3. Free Identity Restoration Services: You are eligible for at least 7 years of free assisted identity restoration services to help you remedy the effects of identity theft and fraud.
Before you get too excited, there is no way to currently process a claim. No funds will be distributed or services made available until after the Court approves the settlement. To keep up to date, bookmark the FTC dedicated site and the Equifax dedicated site. You should also sign up for FTC email updates about the settlement and when the claims tool is available to see if you are entitled to participate. And use this time to review your records and pull documents or proof related to your efforts to avoid or recover from identity theft after the Equifax breach.
In addition to guarding your personal information and changing passwords frequently, you should consider incorporating these best practices into your data security regimen:
1) Initiate a “credit-freeze,” which generally stops all access to your credit report, including by YOU! That means that if you need to access credit, you have to unfreeze your records, which can take a few days. You need to contact each company directly to freeze your file: Equifax (800) 685-1111 (Automated, Option 3) or (888) 298-0045 (Live); Experian (888) 397-3742 (Option 2 followed by Option 2); TransUnion ((888) 909-8872).
2) Review your credit report every 12 months at AnnualCreditReport.com. If you find an error, report it immediately and stay on top of the process. Important note for parents: A new federal law allows you to check and freeze your kids’ credit reports. There’s a lot of information available from the FTC.
3) If someone has used your information to make purchases or open accounts, file a complaint with the Federal Trade Commission and print your Identity Theft Affidavit. Use that to file a police report and create your Identity Theft Report.
4) Review credit card (and ALL) statements and consider enrolling in a credit card notification program, where the bank alerts you to charges over a preset amount.