How to Get What You Still Can from the Equifax Settlement

Equifax logo and slogan displayed on a smartphone.
(Image credit: madamF/Shutterstock)

If you wanted to net some substantial cash from the Equifax data-breach settlement, you are probably out of luck, unless you can prove the breach cost you a lot of money. Far too many people have filed for cash reimbursement to get the full $125 that was initially promised. 

The Federal Trade Commission recommends that U.S. residents affected by the 2017 Equifax data breach -- and there are about 147 million of them -- go for the free identity monitoring and credit protection instead. 

You'll get four years of monitoring and protection based on information from the three largest credit bureaus, which are Experian, TransUnion and Equifax itself. 

After that ends, you can get another six years of Equifax-only credit monitoring and identity protection. All this is not a bad deal when you consider that some identity-monitoring services charge their subscribers more than $30 every month. 

How to file an Equifax settlement claim

Here are instructions for filing a claim, but you'll probably want to read our FAQ following these instructions first. You'll also have to do all this by Jan. 22, 2020.

1. Go to the website handling all of this: https://www.equifaxbreachsettlement.com/. This site is run by the settlement administrator, not Equifax. Do not trust any other websites that claim to be part of the Equifax settlement.

2. Check to see if you were affected by the breach. Go to https://eligibility.equifaxbreachsettlement.com/en/eligibility and type in your last name and the last six digits of your Social Security number. You can also call 1-833-759-2982.

3. If you are indeed affected, you can file a claim at https://www.equifaxbreachsettlement.com/file-a-claim or by filling out this form  and mailing it to the included address. You can also use the contact information on this page to have a form sent to you. If you're filing a claim for someone who was a minor in May 2017, fill out this form .

But because the next part is complicated, here's the FAQ.

Equifax settlement: what to know

Who is entitled to what?

The settlement divides affected individuals into four groups:

-- Those whose personal data (names, addresses, Social Security numbers and so on) is known to have been compromised in the breach. These people can enroll for up to 10 years of free credit monitoring. Anyone who was under 18 in May 2017, when the breach took place, and can whose data is known to have been compromised can get up to 18 years of protection and monitoring.

-- Those who already pay for credit-monitoring and/or identity-protection services, regardless of whether those services were purchased in response to the Equifax breach. These people are entitled to monetary compensation instead of credit monitoring, but because of the overwhelming response to the settlement offer, the money will be far less than the $125 that was originally promised. You'll need to provide the name of the service you currently use.

-- Those who spent time freezing their credit, buying identity protection or correcting instances of identity theft following disclosure of the breach on Sept. 7, 2017. You can get $250 per hour spent, up to $2,500, by simply stating that you spent time reacting to the Equifax breach and detailing what you did. You can get up to another $2,500 by claiming that you spent more than 10 hours on this, but you will need to back this up with bank statements, credit-card statements, or receipts from identity-protection services, lawyers or accountants. Most significantly, you can file a claim for this reimbursement whether or not you opted for the identity-monitoring service above.

-- Those who can prove they lost or spent money performing the above activities as a result of the breach. These people can collect up to $20,000, but again, they will need to prove this with ample documentation, and they may get much less. This page  lists the types of documentation needed. Again, you can file a claim for this whether or not you opted for the freeidentity-monitoring service.

What's the catch for filing a claim? 

By signing up for any of the above, you relinquish all rights to sue Equifax over the data breach. You also relinquish all rights to sue if you do nothing.

So what if I do want to sue Equifax?

Then you have to mail a letter by Nov. 19, 2019 to this address:

Equifax Data Breach Class Action Settlement Administrator

Attn: Exclusion

c/o JND Legal Administration

P.O. Box 91318

Seattle, WA 98111-9418

The letter must include the following information:

-- Your full name

-- Your current mailing address

-- The name of the settlement: "In re: Equifax Inc. Customer Data Security Breach Litigation, Case No. 1:17-md-2800-TWT" 

-- The words "Request for Exclusion" at the top of the letter

-- Your signature

Is there a deadline?

Yup. You have until Jan. 22, 2020, to file claims. 

When do I get my money or identity-protection coverage?

No earlier than Jan. 23, 2020. All the claims have to be filed before the settlement administrator can take action.

How do I activate the identity-protection service?

You will get an activation code by either email or snail mail -- you'll decide which when you file your claim.

How do I get my money?

You'll get either a check or a debit card by snail mail, which you'll choose as part of the claim.

I filed a claim for money, but now I want to get the identity protection instead. What should I do?

If you file a claim for money, you'll get an email from the settlement administrator asking you to confirm that and to provide more information. You'll get the option to take the monitoring instead.

Why is the money running out?

The Equifax settlement has been reported as costing Equifax up to $700 million, but only $31 million was set aside to cover cash payouts for people who already have identity protection. Divide that by $125, and you'll get 248,000. 

Far more people than that have already signed up for the cash payout. The rest of the money is set aside for paying for credit monitoring and for compensating those people who can prove they lost money or time as a result of the breach.

How much would I get if every one of the 147 million people affected by the breach opted for the (formerly) $125 cash payout?

You'd get about 21 cents.

Does Equifax admit any wrongdoing as part of this settlement?

Nope. That's despite the fact that the company failed to patch its systems against a known software vulnerability that made this theft possible, that it waited to disclose the news of the breach for more than six weeks and that at least two Equifax staffers have been charged with insider trading for dealing in Equifax stock before the breach was publicly disclosed.

Can I stop Equifax from handling my personal data from now on?

Nope again. Equifax, Experian and TransUnion don't work for you -- they work for commercial lenders who want to find out how credit-worthy you are. As a result, they hold detailed information about almost every U.S. resident who has a credit card or pays utility bills. 

So who was behind the Equifax data breach?

We don't know. It's interesting that there wasn't a deluge of identity theft following the breach in May 2017. As far as we are aware, none of the stolen information has shown up on cybercriminal markets, and we haven't heard of any cases of identity theft directly tied to the Equifax data. That's led to speculation that the thieves were not ordinary cybercriminals, but a state-sponsored group that had other plans for the information. 

Is there more information about this?

This settlement is so complicated that it makes our head hurt. To share in our pain, you can read the official FAQ . The FTC has a clearer, if less thorough, explainer here.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.