Though the settlement clearly said that individual payouts could be lower, the FTC’s announcement was quickly criticized by privacy and consumer advocacy groups who contend that claimants should get the cash if they preferred it to the other option: 10 years of free credit monitoring. The high demand, critics said, is actually an argument to pursue a higher settlement.
An FTC spokesman said that the $31 million reimbursement pool was part of the class-action settlement the agency adopted in its Equifax order. But the agency viewed the credit-monitoring option “as the primary source of relief for affected consumers” because it was the “best source of future protection from identity theft.” (Equifax referred questions about the settlement to federal and state regulators.)
“The option to obtain reimbursement for alternative credit monitoring, as set forth originally in the class-action settlement, was never intended to be a cash payout for all affected consumers,” the FTC said.
When parties negotiate a settlement amount, that typically involves assessing of how many claims could be expected and therefore what amount would be sufficient, said Marc Rotenberg, president and executive director of the Electronic Privacy Information Center, a nonpartisan research organization. Rotenberg said “there’s something a little askew” if the parties first believed that $125 would be available to consumers but “now have to race around saying, ‘Look at the fine print.’ ”
“I don’t think this is typical. I think it’s ironic,” Rotenberg said. “The FTC typically investigates companies that bury information in the fine print.”
Rotenberg called for updated privacy laws and the formation of an agency tasked specifically with data protection. Robert Weissman, the president of Public Citizen, a nonprofit consumer advocacy group, said there should be more oversight for how companies — including credit-monitoring firms — gather and protect consumer data.
The Equifax case “highlights the challenges of having remedies in these circumstances,” Weissman said. “The limitless corporate surveillance that underlies the business model of so many companies is really problematic.”
Consumers have a few options. They can file claims for free credit monitoring or a cash payment; those options don’t require documentation. But if victims spent time recovering from the hack or lost money because of it, they can request as much as $20,000. Supporting documents are necessary.
All told, the settlements hashed out between Equifax and state and federal authorities included $300 million to compensate affected consumers, though that fund could grow to as much as $425 million if the claims drain the initial $300 million. Equifax also must pay $175 million to states and $100 million to the Consumer Financial Protection Bureau.
If there’s anything left in the $300 million fund after the 4½-year extended claim period, any unused money can be applied toward lifting the $31 million cap, the FTC spokesman said.
Many consumers pushed back on the FTC’s suggestion that victims take free credit monitoring. In a comment posted beneath the FTC’s post, one claimant said “my data has been compromised numerous times and I’ve received numerous free credit monitoring compensations.”
The FTC said that the monitoring service option may be stronger than what consumers may already have, in part because it “comes with up to $1 million in identity theft insurance and individualized identity restoration services.” Its market value would be hundreds of dollars per year.
“Frankly, it’s all getting pretty tiresome,” one frustrated commenter wrote. “Fine these companies A LOT and give that money to the consumers whose data has been compromised.”
“This is unacceptable,” wrote another. “The court and Equifax knew there were 147 million claimants. Why offer $125 per claim and set aside only $31 million? Did someone forget to do the math?”