Blogs

What You Need to Know About the Equifax Settlement

Gavel sitting on $100 bills

Background

In September 2017, Equifax broke the news of a massive cybersecurity incident affecting 147 million consumers, including more than 10 million Georgians and North Carolinians. Nearly two years later, a settlement has been reached.

Last month, the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) announced that Equifax agreed to pay at least $575 million (and potentially up to $700 million) for its failure to secure substantial amounts of personally identifiable information (PII), including birth dates, Social Security numbers, physical addresses, and driver’s license numbers.

The Settlement

Here’s an overview of what this settlement includes:

  • Equifax will pay $300 million to a consumer fund that will provide affected persons with credit monitoring services and other forms of compensation restitution.
  • Equifax will add up to $125 million to the consumer fund if the initial payment is insufficient to compensate people for their losses.
  • Equifax will pay $275 million in civil penalties ($175 million to individual states and $100 million to the CFPB).
  • Beginning in January 2020, Equifax will provide all U.S. consumers with six free credit reports each year for seven years, in addition to one free annual credit report.
How will Equifax ensure a similar breach doesn’t happen in the future?

The settlement stipulates that Equifax must implement a comprehensive information security program. This program will include annual assessments of security risks, safeguards to address risks, and a means to test and monitor the effectiveness of its security.

Recommended Next Steps

First, visit the Equifax data breach settlement website to determine whether your information was affected. After entering your last name and the last six digits of your social security number, you’ll learn whether you are eligible to submit a claim.

If you are eligible, you have two basic options from which to choose: a cash payment of up to $125 or 10 years of free credit monitoring. In addition, if, as a result of the data breach, you spent time and/or money recovering from or preventing fraud and identity theft, you may be entitled to up to $20,000 of restitution.

Cash Payment: In order to claim the cash payment, you must already have credit monitoring services that you intend to use for at least six more months. According to experts, only about $31 million of the consumer funds have been set aside for the $125 cash payments. What does this mean? If more than 248,000 people (of the 147 million affected) file for the $125 cash claim, you will not receive the full $125.

Credit Monitoring: Due to the “overwhelming” public response to the settlement, the FTC strongly recommends selecting credit monitoring. This option guarantees at least four years of free credit monitoring at all three credit bureaus (i.e., Equifax, Experian, and TransUnion) and $1 million of identity theft insurance and identity restoration services. You’ll also receive up to six more years of free monitoring of your Equifax credit report. Given that ten years of credit monitoring services would cost approximately $1,920, this is certainly a better value than the cash option.

The settlement website provides a full overview of your options, along with step-by-step instructions for filing a claim. (Note: You do not have to pay to file a claim, and anyone who calls you about filing a claim is likely a scammer.)

The deadline to submit a claim is January 22, 2020, and the earliest date at which benefits will be available is January 23, 2020. You can sign up for periodic email updates about the settlement at the FTC’s website.

Do you have questions about how Balentine safeguards your personal data? Read our Privacy Policy or contact your relationship manager with any questions.

Contact Us

Looking for guidance in managing your wealth? Balentine is committed to providing the education and advice our clients need to realize their goals.

  • This field is for validation purposes and should be left unchanged.