Hacker News

Presuming you do think it is a legitimate data breach then, why did you suggest that victims should lose their claim to having been caught up in it?

Do you not think their (and probably your, if you're American) position of anxiety and their personal information being used nefariously is worthy of being made right? The data does not need to "surface" for it to have been used to steal someone's identity.




From a legal perspective, does providing incorrect information to a settlement somehow make your claim invalid?

People were using the correlation of "I had an identity breach around this time, it must be causation" as part of their claim. If your identity is stolen by a different party, simultaneously, how do you legally have a right to use that against a different party?

Did you read the article? The data likely hasn't been used yet, it was likely stolen by a government that is holding it for their own purposes, not using it for credit card theft.


> "I had an identity breach around this time, it must be causation" as part of their claim. If your identity is stolen by a different party, simultaneously, how do you legally have a right to use that against a different party?

I don't quite follow - do you mean "leaked" by a different party simultaneously? If that's the case, then yes, maybe it is hard to tell which party's data got scooped up by the Bad Guys. And you'd have a hard day in court against even a single actor leaking your data in the US, since it's not a strict liability crime.

In this case it doesn't matter. I did read the article: it says Equifax agreed to a settlement and they need to pay out. They haven't paid out yet. Whatever happens after that agreement doesn't retroactively invalidate the settlement. A settlement is to make the whole thing go away, regardless of whether the breach turned into an identity disaster or a Nothingburger.


The settlement is an independent event from validating claims to the settlement.

>I don't quite follow - do you mean "leaked" by a different party simultaneously?

Yes

And, from my limited understanding of the case, the settlement is not set in stone. There are still appeals, the settlement has not been accepted universally. They apparently don't need to pay out while they still have their days in court. https://outline.com/zL6mgP

>Under the settlement terms, cash benefits cannot be paid, and credit monitoring, credit restoration and identity protection services remain on hold until the objectors’ appeals are resolved.


The appeals to the settlement you linked are about the appropriate compensation for the plaintiffs, not about whether claimants are eligible.

I'm not sure how one would prove their identity theft was specifically due to Equifax's data breach even if the leaked data were available, so I don't understand how that could be a condition for a claim to be valid. My interpretation is that your claim is valid if you had data with Equifax and you subsequently spent time or money establishing credit monitoring or identity theft resolution.

If there's more to it than that, and Equifax has arranged the settlement such that a claimant has to somehow prove the source of their identity theft was Equifax, then yes, I agree even more strongly with the "Equifax bad" narrative you decried upstream. That would be impossible to prove, even if the data did surface.


If you can prove the data has never been made available, you can prove it wasn't used.

If you can prove that data existed previously, the data used came from somewhere else, you essentially prove it didn't come from this breach. You would do this by catching the people responsible for identity theft, and identifying what data source they used. It would be very unlikely for Equifax or anyone to go through this trouble or risk the bad press of attacking victims (even if they are somebody else's victims).

>My interpretation is that your claim is valid if you had data with Equifax and you subsequently spent time or money establishing credit monitoring or identity theft resolution.

I believe there were different types of claims, one being credit monitoring, and another that your data was used against you.


> If you can prove the data has never been made available, you can prove it wasn't used.

Considering that Equifax announced they experienced a data breach, it is clear the data has been made available to someone that isn't Equifax. So I don't know why we're entertaining that avenue, when it's admitted that the data has left the purview of the entity to which it was trusted.

I think we agree that it's very hard if not impossible to determine the source of identity theft. I believe that even if the data were made public, we would not be any closer to making most of those determinations. Which is why whether or not we've "seen" the data from this breach, to me, is immaterial - the fact that the breach happened in the first place caused people to enroll in credit monitoring, suffer emotional distress, and other quantifiable damages/expenses that would not have happened had there not been a breach.

That all seems to be perfectly within the scope of "time spent recovering from [...] other misuse of your personal information caused by the data breach" outlined on the settlement website[0] as validity to a claim. The "misuse of [my] personal information" happened the moment the data left Equifax's servers. It has nothing to do with whether the data got used for identity theft (yet) or shared by the thieves.

It does not say "you must prove that the pieces of your identity that were stolen came specifically from this data breach", or "if it turns out whoever stole the data sits on it for a while, then you don't get compensated" -- these are impossible stipulations, and we should hold Equifax to a higher standard in this landmark case.

[0]: https://www.equifaxbreachsettlement.com/


I think the point OP was making is that if the data hasn't surfaced, then you cannot confirm if a particular case of identity theft has been caused by the breach.


That's a fair line of thought, but their comment was: data hasn't surfaced -> can't know where an identity theft came from -> Equifax petitioners lose their right to the settlement

When the reality is: Equifax agreed to pay a settlement -> Equifax has not paid yet (and whether the material surfaces or not was not a stipulation of the settlement that they agreed to)


>data hasn't surfaced

What it really comes down to, is if "data hasn't surfaced" means "we don't know if the data was used" or if "data hasn't surfaced" is something you can prove hasn't happened. It's the difference between "we don't know" or "we know your identity theft wasn't related to this."



