"The Court gave final approval to the Settlement and overruled all objections on January 13, 2020. However, some of those that objected to the Settlement have now appealed the Court’s decision to approve the Settlement. By order of the Court, the Settlement cannot become final until all appeals are resolved and there is currently no timeline for the resolution of these appeals. When the appellate court enters a schedule for the appeal, we will update this website to provide individuals with more guidance as to the timing of a decision. Please check back for further updates."
No idea why but I always feel any company dealing with blackbox credit rules are very fishy...wish there is a way to remove them away from the financial system.
Having lived in Argentina and The Netherlands all my adult life, I don't fully grasp why you even need those companies -- probably due to the fact that average citizens never deal with those (if they even exist here).
I do think that American culture is a lot more credit-based though, whereas in many places, people don't spend money they don't yet have (eg: I don't have a credit card, and neither do the grand majority of my friends).
Your comment was correct. As far as France goes, none of the credit agencies exist.
To rent a place in France, you show your yearly tax statement to prove income and your national ID card to prove identity.
The concepts of credit check and rating simply don't exist at all, you couldn't even discuss them because it's completely alien and there ain't words for it. Imagine trying to have a discussion about trains to a medieval villager.
Living in the UK right now and the worst thing is, the UK has the exact same legal documents (driver license, passport, tax statement) that you have to provide as well. The only difference is they're forwarded to a check agency that provides no value and have no justification to exist, but to accumulate that data on everyone and resell it. I suppose the US is similar but don't know, never lived there.
That is not true. It is almost impossible to rent a flat in the larger cities of Germany without showing a positive credit record to the landlords. And requesting even small credits of a few k will have your credit rating checked and recorded that such a check happened.
You are correct, I was unaware of the German case! In fact, it seems that many European countries do have a credit score system. Some do have other systems: https://en.wikipedia.org/wiki/Credit_score#Germany
Here are some countries within Europe who do not have a credit score system:
- Belgium has no centralised credit score system. However, banks can ask the Belgian counterpart of the FED for all loans held in your name when you request a new loan. The national bank keeps a register of all loans.
- United Kingdom: There is no such thing as a universal credit score or credit rating in the UK. Each lender will assess potential borrowers on their own criteria, and these algorithms are effectively trade secrets.
The Experian Credit Rating Agency actually results historically from what happened before CRAs existed.
Last century "Mail order" was an exciting new business opportunity. You send people (mostly housewives) a catalogue explaining what's on offer, and then they pick items from the catalogue and you deliver them. You can have a much broader range of products than their local stores, and the catalogue offers a good way for cautious shoppers to compare options and make a decision at their leisure.
There was a problem. The customer has no prior relationship to you, but of course they don't want to pay you for potentially very expensive goods, in advance, unseen. A local store might know exactly who the customer is, if that's a nice house or a tiny cottage, what the husband does for a living. Your mail order catalogue company has no idea.
So you began to just collect observable facts. Mrs Smith still owes you £208 from last year when she bought the dining room set, and hasn't made a payment on it since January. Mrs Jones on the other hand has paid every penny she owed, regular as clockwork. So when Mrs Smith tries to order a new frock, you remind her about the outstanding £208 by return of post - and when Mrs Jones does you send the frock immediately.
Gradually other new businesses wonder if they might take advantage of this knowledge. Mrs Jones wants to buy a car, cars are expensive but she'd make payment every month. The first dealer she visits suggests her husband should buy it. Mrs Jones doesn't have a husband, and she walks out in disgust, no sale. But the second dealer has an idea, that mail order catalogue company might know if Mrs Jones is good for the money. They agree, for a fee, and on condition that the car dealer tell them if Mrs Jones makes each future payment on her credit deal, which seems harmless enough.
And one day the catalogue company realises that 80% of its revenue is from this "Credit Reference" side business of knowing that Mrs Jones is a better risk than Mrs Smith and the catalogue sales are nice but they aren't really the same business and needn't be the same company.
If it hadn't already happened last century, today Amazon would be your Credit Reference Agency, yet another opportunity to enrich Jeff Bezos...
Really interesting background. I'd not idea this is where it all came from.
It's pretty clear that nowadays with much safer online payments, there's really no need for these credit checks any more -- you pay online, and if you get scammed there's solid proof of whom you paid and how much.
In the UK the electoral register can be purchased by advertisers, etc. You can opt out of this.
The electoral register is also given to the big credit reference agencies. This is obligatory. If you want a vote then Experian (and the rest) get your data.
Credit reference agencies most definitely operate in the UK.
I can't get my [knowledge-based authentication] data back. I don't want their measly $125 from them (it will cost me far more time and money when this breach is used against me). I want them to pay the cost for the government to replace the SSN as an identifier. And to pay for the government give me a new SSN in the meanwhile... and they don't get to store the new SSN in their database (because they dun messed up). I think that would be a better outcome for everyone.
Everyone is identified by their birth date, the name of their mother and their birth place. (Their own name is not that important, for example twins can pull off identity fraud easily, as they can pretend to have the name of their twin, and how would anyone know!?)
Sure, we can go full 1984 and GATTACA and use biomarkers and papers and whatever. But that just makes puts many edge cases out of scope, doesn't solve them at all.
If someone shows up at the bank and claims to be someone, they can produce documents, either via simple forgery or by stealing someone else's "identity".
They can then pass all the checks the bank runs. (Sure, if there is some database that says don't open accounts for these IDs, then the scammer can start with persuading the admins of that DB to unlock the corresponding ID.)
And this will always happen as long as we allow fallbacks for people to get access to (and create) their accounts after losing (or without creating) a strong cryptographic key (password).
The kicker is they reuse the SSNs. Had a gig where I was working with the 'death master' files. (It use to be much easier to get your hands on the files - https://ladmf.ntis.gov now) and it would list every SSN number used by the dead. Lots of duplicate SSNs, some malformed data, some just missing. An interesting data set to look at, and a great reminder why folks should not be using this as an identifier.
Shades of gr[ea]y my friend. If you think of the media as each broadcaster/publisher it might be plural, but in the conspiratorial sense of things the "media" is just the propaganda arm of "them". That makes it a singular thing. QED
Depends where you live really. Some places say "the band is performing" and treat it as a singular, others say "the band are performing" and treat it as a collection of individuals. I think the latter is more of a UK thing.
It's not about the insignificant amount of money everyone will get out of it; it's about equifax being severely punished and fined, even though that settlement won't really change anything.
What’s wrong with a corporate death sentence in the event of such egregious mistakes? There must be a severe enough punishment in order for a company’s risk department to take things seriously.
It is vindictive. When non-vindictive measures failure, the measure of last resort sadly tends to be the vindictive one. I don't know if this was part of your point (I imagine it was), but the vengeful carcerality of vindictive justice is independent from meaningful structural change that would prevent bad actors from repeating similar actions in the future. Everyone performs their role feigning outrage, repentance, regret and reconciliation, until the same thing happens all over again.
I would be surprised if that did not happen here. The collusion between credit bureaus, banks and lenders is well known for its issues to consumers, but without consequences for adverse consequences to them, business will continue as usual. Will it be savvy fraudsters who place backpressure on the crumbling ability of credit bureaus to prescreen for credit-worthiness? Will upstart incumbents see high margin, low fitness targets ripe for disruption? Will corporate raiders see ossifying remains just ripe enough to be scavenged? Even if all answers to these questions were in the affirmative, I don't know if any of that would lead to immediate change. But, I'd be surprised if business continued as usual forever. The bar for a step function level improvement is quite low, if you could somehow retrofit a better way to pull credit into legacy underwriting processes.
Source: Early stage engineer and prior executive at $PREVIOUS_FIRMS that included two growth stage consumer lending startups.
They pioneered the knowledge based authentication approach. It was never a good one. It's now utterly broken now that they leaked everyone's information.
At the very least, Equifax should be destroyed. And society would benefit more if it were destroyed in such a way to be an example for future organizations working in the space.
I do. They allow people who are lending money or extending credit to know what kind of risk they are likely taking on. They also let you know how risky you appear to be when you ask someone for a loan or credit. This allows people to reduce their risk, and it allows people to understand and manage the risk that they present.
Each party to a transaction has a different perspective. Speaking about the benefits to one party while ignoring the harm to others is nonsensical. Comprehensive surveillance databases obviously benefit lenders, or they wouldn't pay to create them. But general society is harmed by creating surveillance records that would make even the most staunch Stasi agent blush.
Speaking how one party can better conform to the other party's requirements is not an honest description of both perspectives.
Bad lending is better attributed to a mistaken belief that borrowers can be perfectly modeled to reduce variance. The economic crunch we're currently facing has been directly caused by cheap credit based on such assumptions which, once again, turn out to be suddenly correlated.
It’s really a loss for consumers across the United States.
The reality is that a large part of the fintech sector still depends on the data provided by Equifax. Their data is also used for KYC and other security use cases.
We have started Truework (https://www.truework.com) to break that dependency and give consumers control of their data. If you’re interested to help us, please contact me by email.
The Work Number collects payroll information from employers without informing employees that they turn around and sell that information to third parties. They mislead people by saying they don't release pay information without employee authorization while neglecting to mention they sell everything else without asking permission or giving notification.
It looks like you're doing similar kinds of data collection directly from employers. If an employee doesn't request income verification or any other service from you folks, do you collect any data on that employee?
wl, you summarized pretty well how it works indeed :-). A lot of players in the industry hides behind long legal documents.
In our case we get employee information from your employer but it’s never shared to third-parties by default. We always go through the process of notification to the employee before releasing any data and, as an employee, you can refuse to share that data. The requester is in a holding pattern until you consent to data sharing.
Ultimately the purpose of your enterprise to help employers collude to suppress wages. Please shut it down and disappear. Otherwise I hope you die toiling in poverty.
> It’s really a loss for consumers across the United States.
> The reality is that a large part of the fintech sector still depends on the data provided by Equifax. Their data is also used for KYC and other security use cases.
> We have started Truework (https://www.truework.com) to break that dependency and give consumers control of their data. If you’re interested to help us, please contact me by email.
I would be curious to know more about how you give consumers control over their data. I took a look at your link but it is not clear to me.
Thanks for your question. I wish our website was clearer :), but we’re working on that!
When Truework gets a request for data on you from a third-party we send you a notification to know whether or not you want to share your data with that third-party.
If you refuse, we will not share that data. It’s different from the current model that our competitors use, which is to just share right away.
That is an interesting model, it seems to me that Truework would position itself as an identity aggregator of sorts. In that case, it seems a large challenge would be gaining the trust of organizations (which it seems you are succeeding at, congratulations!).
Among my worries are that this establishes a rather large target for data breach as presumably the company would hold identity docs and other documents used for authentication or verification purposes. Out of curiosity, since my experience is more in banking/healthcare, is Truework subject to any regulatory framework?
Yes, earning trust is the most important piece. However, organizations are excited to participate once you show that you are the right security & privacy practices in place. We've had a lot of great momentum there.
For regulatory frameworks, it depends on the circumstances and the type of data that you are dealing with. For most of our use cases, it's:
* FCRA, aka Fair Credit Reporting Act that all Credit Reporting Agencies must follow.
* HIPAA, for health data
Of course, you have more generic frameworks such as CCPA, GDPR but that's true for all companies.
Once the 3rd party has a copy of the data, now they can freely share it with their 'partners and associated companies.' You're helping me, yes. But you're friction for a bank and I don't know how you could possibly stay in business for the long term in that position.
Right — curious how this company is truly doing anything different than Equifax? You’re still aggregating sensitive personal information and selling it to verifiers. What’s the long term plan to actually make a difference?
Call me cynical, but when I read the news of the breach I went and bought EFX call options for 3 months. Because even though I am not sure whether the "deep state" exists or it's a conspiracy theory, I was somehow confident that I was making a good investment. It has paid off handsomely indeed.
When you buy calls but don't have the capital to exercise those calls, do brokerage services lend you the money to collect on the gains assuming your call is in the black?
I have a pretty good stock portfolio, but I haven't dipped my toes into the call/put, futures, derivatives, "iron condors", etc. world yet.
Yes, puts are covered for now. There are several standardized levels of account access to buying/selling options. I think selling naked puts requires Level 5 while selling covered puts requires Level 3. I recommend practicing buying options first, and selling the options that you have bought, before selling covered or naked options.
Selling puts is bullish. You are selling someone the option to sell you shares at a given price so if the stock goes up, you collect the premium (since no one will voluntarily sell you something at a lower price than the spot price). If the stock goes down, then you are buying shares at a price you presumably deemed sufficient to hold in the long term.
When you sell a put, the risk is in the stock going down, not going up.
So you need to have enough cash in the account to buy the stock at the strike price of the put (or be long longer dated or further out of the money puts).
It's usually in your best interest to sell the options before they expire as the extrinsic value decays every day. If they expire in the money, they are generally exercised and liquidated at the same time before market close of the expiry date.
I think GP is implying that you can trust to invest in institutions like Equifax because they are propped up by the government and 'too big to fail'. Not sure I agree, but then again, there's the proof.
He made more with those call options than anyone will ever get from the breach settlement.
I bought stock in one of their competitors (TRU) which was also down around the same time. Even with all the craziness in the markets, it's still up close to 80% in a little over 2.5 years.
I suppose "the company be dissolved, its records thoroughly purged, and its ability to legally operate revoked" is a bit too much... though it shouldn't be.
How could the result have been any different or better? I don't see where anyone's claiming the government was unhappy with the final result. Rotten firms like this need to die.
The thing is that when the reasonable solution is "Stop the company doing its core competency" you need to realise that almost everything else the company does is going to be "exploit whatever it has left". So forcibly shutting down the company is far more reasonable than just stopping it from collecting credit information.
> > "Good credit is for poor people" - words of a wealthy friend.
By "poor" he likely means anyone who has to borrow for anything, including a home (60% of homeowners) or auto purchase (44% of individuals). So basically just about anyone who has to work for a living.
He probably also means "worrying about credit", vs "using credit as a financial optimization tool"
EDIT: changed "households" to "homeowners". 65% of Americans are homeowners, which means 65% * 60% = 39% of Americans have mortgage debt. Note that credit score matters a lot for those who rent also, since many of them are saving for a down payment for a mortgage, and most landlords require a credit report if you hope to rent their properties.
There's no way that only 60% of households borrow for a home. It might be that only 60% are borrowing against their home right now, but in that case you're probably talking about 99% of the people not borrowing against their home being pensioners. Those aren't particularly rich people, they're just in a different part of their life. (It also wouldn't matter if they were credit worthy because no one is going to give a mortgage to an 83 year old)
Rich people mightn't have a stellar credit score, but they're still creditworthy.
Your credit report is really a way of automating what a bank manager would have done at some point for every customer, i.e examine your finances, references, legal history, etc.
It's really just a model for consumer creditworthiness of someone earning under the 95% percentile of wealth. As it's needlessly laborious for a bank manager to examine you in depth for a $5'000 dollar credit card.
Credit scores are not a factor in nearly any big loan. One might be utilising most of their available credit (as their limit is low), or have failed a few hard searches. In the case of a big loan like a mortgage, it's not so automated and is worth digging deeper.
When you're rich, every loan is a big loan - and it's worth the bank's time determining how much they should lend to you on a case by case basis.
Wealthy people don't need credit cards, car loans, and mortgages, and most other kinds of loans that would show up on a credit history. They may use them, and if they do they should have a really good score unless they're bad with money. But if they choose not to (as they'd be able to, more easily than others at least), there score would drop until their credit history was blank.
I would bet the vast majority of wealthy people have substantial debt. I mean, if you're going to buy a $10M home, why would you use your own money when the bank will load it to you for next to nothing?
You can but few do. Credit Reference Agencies monitor your use of credit. They do so imperfectly but they don't see any non-credit transactions at all.
So for example I wouldn't describe myself as wealthy but I'm comfortable. I don't like debt. So, CRAs see only the faintest shadow of me. For you I've just logged into an account to see the Equifax data for myself.
Equifax scores me 459/700. It knows I exist (because I have registered to vote and I pay tax) and it knows I have a mobile telephone contract. It has no idea I have a credit card (I do, though it automatically pays off the balance every month) and of course it has no idea I own a home, since I did not take out debt to purchase it, nor does it have any idea that I don't currently have a job.
459 isn't terrible, but it's not great even though I'd actually be a completely safe risk for even a relatively large credit purchase such as a yacht or small house. It has no insight into that, so it can't judge.
Extremely wealthy people have a tax-shell liability-shielded offshore trust operating company buy things for their benefit using leveraged debt secured on junk assets.
In the rare case where for some compliance reason they must have a more direct link to the asset, they’ll transfer the item to a holding entity (in which they have indirect but controlling interest) and then lease it back.
If the unthinkable occurs and a very wealthy person commits to actually buying something directly themselves by mistake, they (or rather, their staff) will demand delivery before payment and then either stiff you on the bill or pay at most 70% of it, six to eighteen months later.
These are practices established centuries ago by the British aristocracy and remain alive today.
Extremely wealthy people (i.e. 9-digit+ net worth) have teams of lawyers and accountants that figure out the optimal way to allocate the client's cash to achieve their goals. That may or may not include incurring debt, etc. Rich people borrow money too (not because they need to, but because it ultimately can make more financial sense to do so).
(there are of course exceptions to this, there are rich people bad with money or who want to look like they're richer than they actually are, but in general rich people stay rich by being smart about their money)
Wealthy people don't leave money on the table. If they can earn "free money" with a credit card point game, then why not?
Some of the cheapest people I know are wealthy. Cheap as in, they negotiate the hardest for the lowest price, even though it is meaningless to them. I have been told out right on more than one occasion that it's not about trying to make something affordable, but more of the shear enjoyment of making someone else take less just because they can.
Second this. When my extremely wealthy CEO overheard I was in the market for a new vehicle, he happily volunteered to get on the phone and pit 3 local Ford dealerships against each other in a bidding war for my business. I ended up saving an additional 12% off what I thought was already a discounted price. I think a majority of us regular people don't know how to tap into that ruthless negotiation when buying cars, houses, mattresses, etc.
They indeed tend to not by thinks on rates, so not to much "uplift" in your scores.
People which are wealthy tend to also try to get higher credits (for it to be worth it) and buy more
expensive thinks so if they messup it's often much more expensive for banks.
Not all people can handle money so there are a bunch of people which will never stay wealthy. Combined with the point above => higher rise.
Some care less for penalties when paying late and might "optimize" payments in ways which are not always mean on time/good for the score.
Lastly there are a bunch of wealthy people which optimized there business so that they only earn as much money as they need. They can always increase it but the banks can't trust this so the only see a person which might have problems paying back. (Note that not all of this people do illegal or unmoralic practices, some just only work as much as they need and not any bit more).
Lastly there is a simple question:
What does it mean if a rich/wealthy person _needs_ a credit?
(Btw. it's a different matter if it's not a private credit but for a company.)
I assumed it meant wealthy people continually get a clean slate when they mess up. So there is no concept of maintaining credit when allotted unlimited "redo's".
If it’s anything like the British aristocracy then “wealthy” people are deeply in debt all the time anyway and leveraged to the hilt and one crisis away from bankruptcy (bad credit) but keep getting loans because of their status. Is that what they meant?
I assume it means: You don't care about your credit score once you have a certain amount of money, because the limits of a bad score do not really impact you:
- Not approved for a car/house/boat loan? Sell some investments and pay cash.
- Turned down for a credit card? Get a secured card, or even a pre-paid card. Or carry cash.
- Turned down for a cell phone plan? Buy prepaid.
no, it means you dangle boatloads of potential fees and illusions of assets under management in front of the banker's eyes, like trump did with deutsche bank, and then watch the loans spew forth unencumbered by a silly third-party "score".
Is there a reason the triopoly (with Experian and Transunion) persists? I know the bond raters have some government granted status. If it’s the same situation for Experian, maybe they could lose that status to some other company?
Inertia, I assume. You can't get any kind of serious loan without a report from all three, and other things like background checks and rentals usually have one or two they prefer.
Everyone has to stop using services from financial institutions who use Equifax (i.e. almost all of them) until they cut ties with Equifax. If millions of people cancel close their BoA account in a single day, I imagine BoA would dump Equifax.
Of course, like most vote with your wallet schemes, this would never work in the real world. Anything that requires collective action of millions or billions of individuals, will either die with a whimper or make its way to history books as a once-in-a-century event. We cannot solve climate change by boycotting polluting companies; there is no way enough people join the boycott to make a difference. This is the same.
Like climate change, the only realistic path of success is political pressure. Equifax will remain as is as long as the legislature leaves them alone. If you want this to change, get involved in politics, write to your politicians, run for office.
Vote. Vote in the primaries. Vote in local elections. Vote in federal elections. Vote for people who will make their business model, in the manner they practice it, illegal.
If you don't want to vote, you can get even better ROI if you convince other people to vote instead.
As a consumer you can't do anything. You are not their customer. They are not accountable to you. As a citizen, you have power. They require your permission to operate.
I was hoping that such an egregious case would merit at least an enforced slap on the wrist. I guess even the talk of insider trading did not change that outcome. This, along with other recent events, suggests that justice system is tiered. This does not bode well for the future of the republic.
The deeper pockets wouldn’t be the problem. You give permission to financial institutions to share your data with the credit reporting bureaus, so good luck fighting that in court.
Do you really give permission/consent, or just accept the fact that you have no choice in the matter. A guy puts a gun in your face and says give me your wallet. You're not giving him permission to take your belongings. You're just doing what you have to do. Yes, I am equating the terms modern financial systems use as a gun in my face.
The data has never surfaced. I have to wonder if anybody who claims they had direct identity theft because of the breach automatically loses their claim.
It's interesting that most coverage of the incident ignores that detail. I guess people really dont like to hear it because it doesnt fit their narrative. Whatever this interest.com article is, it has very little value. It reads like seo spam. It doesn't discuss any of the developments in the last three weeks, such as Chicago, Indiana, Massachusetts all working out settlements.
China at this point has an amazing blackmail database — just correlate credit information with LinkedIn and Facebook data, and it’s trivial to find people with clearances or access to corporate secrets that you can get leverage on. Combine that with their attempted purchase of Grindr and other dating apps and you see a pattern.
Like I said, it doesn't fit the narrative of "data collectors = bad", it doesn't create the right emotional response, it doesnt help people hate equifax more, so it gets suppressed and immediately downvoted, on any forum.
Equifax can both be negligent and immoral AND not have caused any systemic identify thefts (that we know of, yet) from the event. I do think "a foreign government got the data on me" drastically shifts what the future threat from the exposure is, which should also change the settlement that was made under the pretense of them leaking data to traditional identity thieves or a black market.
> Like I said, it doesn't fit the narrative of "data collectors = bad", it doesn't create the right emotional response, it doesnt help people hate equifax more, so it gets suppressed and immediately downvoted, on any forum.
Have you considered that this might be caused by blind spots in your own news consumption?
For example, you previously linked to an article from 2019 that suggest the breach might have been a governmental attack, but you seem to have ignored the fact that 4 PLA members were indicted in February. There was widespread news coverage about this, including multiple submissions on this very forum. https://news.ycombinator.com/item?id=22289826 does not look like it was "suppressed and immediately downvoted".
Even if you did not have your identity stolen yet, losses from the breach can be as simple as "I bought an identity monitoring service due to the breach happening." It says so on the settlement's website: https://www.equifaxbreachsettlement.com/
"Time Spent during the Extended Claims Period recovering from fraud, identity theft, or other misuse of your personal information caused by the data breach"
In this case, the "misuse of [my] personal information" is the fact that it was leaked by Equifax to an unknown third party.
> If they can prove that the data never leaked,
I don't know how this would be possible, considering they announced that it did leak: "In September of 2017, Equifax announced it experienced a data breach"
Unless you mean, prove that the data has not been used yet. Which doesn't seem like a fair stipulation to the ~150 million impacted people. And it also doesn't seem possible to prove.
I want to be clear; I am not trying to downplay the severity of this. On the contrary, it's probably worse. The pretenses under which the settlement were made, was a faulty understanding of reality. Despite that, it doesnt give me the moral authority to lie for a piece of the faulty claim.
What I mean by that, is that we were told there was a breach, and that if we signed up for credit monitoring services we were entitled to money. We were told to use our time to freeze our accounts. That however, did nothing to protect us from what actually happened. A nation states military collected the data. That is arguably worse than it being used by cyber criminals to take out loans and credit cards. We were given the impression that we needed to protect ourselves from people opening accounts in our names or using the data to access accounts. That in no way reflects what risk we are actually exposed to.
Equifax put us in harms way of a MILITARY. Not petty identity theft. How do you even quantify what kind of threat that is? The settlement doesn't reflect that. It doesnt mean that despite the settlement not reflecting reality, that I should go say they owe me $125 dollars for credit monitoring services. Especially when damn near every bank in the country offers it for free. Tons and tons of press were saying "if you already have credit monitoring services, just fill out the form." It doesn't work that way, and because Im not getting compensated for a Military threat, doesnt make it ok to claim what I am not entitled to. It doesnt make up for it. There is no way to quantify what the monetary damage of the threat actually is. There is no way to know how 20 or 30 years down the road it could make travel more dangerous. Just because the settlement is wrong, doesnt make it right to file a false claim.
If people really did go pay for credit monitoring (not free stuff they signed up for or already had), or did spend lots of time freezing credit, they do deserve compensation for time wasted based on equifax giving us the wrong information. But since I was not harmed in the way they told me I was when they made the settlement, I shouldnt be ethically entitled to settlement money dolled out under false pretenses. Two wrongs don't make a right, nor do they make us whole.
>"Time Spent during the Extended Claims Period recovering from fraud, identity theft, or other misuse of your personal information caused by the data breach"
If we agree that the data has never left the government that collected it; we can determine there was no fraud, identity theft, or misuse, then I could not have spent time "recovering from it." How do you even know how to "recover" from a military collecting data on you?
>Which doesn't seem like a fair stipulation to the ~150 million impacted people.
The real victims could be large organizations who are penetrated using the data to answer security questions or verifications. I still find it unlikely this data has yet been used in a direct attack against the impacted people.
This all stemmed from me asking if providing false information to a claim could make you ineligible. I would consider it false information to say "i was directly attacked and spent time performing recovery actions and had money stolen from me" due to this breach (as far as we know, nobody has yet had an incident because of it, and there is no actual way to recover, short of an emp burst), or to claim that the free credit monitoring I already had counts towards some kind of time wasted credit. It is my opinion, that the intent of "Time Spent during the Extended Claims Period recovering from fraud" IMPLIES there was some kind of fraud that occurred to some people, and that isnt the case. And the large claims against this settlement are for MONEY LOST due to direct attacks. Those are the types of settlement claims I am asking if could be made invalid.
This is what the settlement site says right now.
>If you were impacted by the Equifax data breach, you may seek reimbursement for valid Out of Pocket losses or Time Spent (excluding losses of money and time associated with freezing or unfreezing credit reports or purchasing credit monitoring or identity theft protection) incurred during the Extended Claims Period if you have not received reimbursement for the claimed loss through other means.
>Out-of-Pocket Losses during the Extended Claims Period resulting from the data breach up to $20,000.
It is an odd magicians distraction, a ruse of sorts. Their settlement covers events that didn't occur to anyone, and imply the wrong future risks. Anybody who applied for this part of the claim gave false information. IF nobody had true out of pocket losses (excluding credit monitoring or time freezing) there is no legitimate claim for this part of the settlement. QED.
Presuming you do think it is a legitimate data breach then, why did you suggest that victims should lose their claim to having been caught up in it?
Do you not think their (and probably your, if you're American) position of anxiety and their personal information being used nefariously is worthy of being made right? The data does not need to "surface" for it to have been used to steal someone's identity.
From a legal perspective, does providing incorrect information to a settlement somehow make your claim invalid?
People were using the correlation of "I had an identity breach around this time, it must be causation" as part of their claim. If your identity is stolen by a different party, simultaneously, how do you legally have a right to use that against a different party?
Did you read the article? The data likely hasnt been used yet, it was likely stolen by a government that is holding it for their own purposes, not using it for credit card theft.
> "I had an identity breach around this time, it must be causation" as part of their claim. If your identity is stolen by a different party, simultaneously, how do you legally have a right to use that against a different party?
I don't quite follow - do you mean "leaked" by a different party simultaneously? If that's the case, then yes, maybe it is hard to tell which party's data got scooped up by the Bad Guys. And you'd have a hard day in court against even a single actor leaking your data in the US, since it's not a strict liability crime.
In this case it doesn't matter. I did read the article: it says Equifax agreed to a settlement and they need to pay out. They haven't paid out yet. Whatever happens after that agreement doesn't retroactively invalidate the settlement. A settlement is to make the whole thing go away, regardless of whether the breach turned into an identity disaster or a Nothingburger.
The settlement is an independent event from validating claims to the settlement.
>I don't quite follow - do you mean "leaked" by a different party simultaneously?
Yes
And, from my limited understanding of the case, the settlement is not set it stone. There are still appeals, the settlement has not been accepted universally. They apparently dont need to pay out while they still have their days in court. https://outline.com/zL6mgP
>Under the settlement terms, cash benefits cannot be paid, and credit monitoring, credit restoration and identity protection services remain on hold until the objectors’ appeals are resolved.
The appeals to the settlement you linked are about the appropriate compensation for the plaintiffs, not about whether claimants are eligible.
I'm not sure how one would prove their identify theft was specifically due to Equifax's data breach even if the leaked data were available, so I don't understand that that could be a condition for a claim to be valid. My interpretation is that your claim is valid if you had data with Equifax and you subsequently spent time or money establishing credit monitoring or identity theft resolution.
If there's more to it than that, and Equifax has arranged the settlement such that a claimant has to somehow prove the source of their identity theft was Equifax, then yes, I agree even more strongly with the "Equifax bad" narrative you decried upstream. That would be impossible to prove, even if the data did surface.
If you can prove the data has never been made available, you can prove it wasnt used.
If you can prove that data existed previously, the data used came from somewhere else, you essentially prove it didn't come from this breach. You would do this by catching the people responsible for identity theft, and identifying what data source they used. It would be very unlikely for equifax or anyone to go through this trouble or risk the bad press of attacking victims (even if they are somebody elses victims.)
>My interpretation is that your claim is valid if you had data with Equifax and you subsequently spent time or money establishing credit monitoring or identity theft resolution.
I believe there were different types of claims, one being credit monitoring, and another that your data was used against you.
> If you can prove the data has never been made available, you can prove it wasnt used.
Considering that Equifax announced they experienced a data breach, it is clear the data has been made available to someone that isn't Equifax. So I don't know why we're entertaining that avenue, when it's admitted that the data has left the purview of the entity to which it was trusted.
I think we agree that it's very hard if not impossible to determine the source of identity theft. I believe that even if the data were made public, we would not be any closer to making most of those determinations. Which is why whether or not we've "seen" the data from this breach, to me, is immaterial - the fact that the breach happened in the first place caused people to enroll in credit monitoring, suffer emotional distress, and other quantifiable damages/expenses that would not have happened had there not been a breach.
That all seems to be perfectly within the scope of "time spent recovering from [...] other misuse of your personal information caused by the data breach" outlined on the settlement website[0] as validity to a claim. The "misuse of [my] personal information" happened the moment the data left Equifax's servers. It has nothing to do with whether the data got used for identity theft (yet) or shared by the thieves.
It does not say "you must prove that the pieces of your identity that were stolen came specifically from this data breach", or "if it turns out whoever stole the data sits on it for a while, then you don't get compensated" -- these are impossible stipulations, and we should hold Equifax to a higher standard in this landmark case.
I think the point OP was making that if the data hasn't surfaced, then you cannot confirm if a particular case of identity theft has been caused by the breach.
That's a fair line of thought, but their comment was: data hasn't surfaced -> can't know where an identity theft came from -> Equifax petitioners lose their right to the settlement
When the reality is: Equifax agreed to pay a settlement -> Equifax has not yet paid yet (and whether the material surfaces or not was not a stipulation of the settlement that they agreed to)
What it really comes down to, is if "data hasn't surfaced" means "we dont know if the data was used" or if "data hasn't surfaced" is something you can prove hasnt happened. It's the difference between "we dont know" or "we know your identity theft wasnt related to this."
So in your "narrative" do social security numbers and other sensitive personal details have some sort of expiration date where if they don't "surface" within a certain time frame they are no longer useable?
What an absurd implication. Just because something doesn't end up in a massive file dump on the dark web doesn't somehow mean it's not usable. Quite the opposite its actually too valuable to dump on the dark web.
"The Court gave final approval to the Settlement and overruled all objections on January 13, 2020. However, some of those that objected to the Settlement have now appealed the Court’s decision to approve the Settlement. By order of the Court, the Settlement cannot become final until all appeals are resolved and there is currently no timeline for the resolution of these appeals. When the appellate court enters a schedule for the appeal, we will update this website to provide individuals with more guidance as to the timing of a decision. Please check back for further updates."