Even if you did not have your identity stolen yet, losses from the breach can be as simple as "I bought an identity monitoring service due to the breach happening." It says so on the settlement's website: https://www.equifaxbreachsettlement.com/
"Time Spent during the Extended Claims Period recovering from fraud, identity theft, or other misuse of your personal information caused by the data breach"
In this case, the "misuse of [my] personal information" is the fact that it was leaked by Equifax to an unknown third party.
> If they can prove that the data never leaked,
I don't know how this would be possible, considering they announced that it did leak: "In September of 2017, Equifax announced it experienced a data breach"
Unless you mean, prove that the data has not been used yet. Which doesn't seem like a fair stipulation to the ~150 million impacted people. And it also doesn't seem possible to prove.
I want to be clear; I am not trying to downplay the severity of this. On the contrary, it's probably worse. The pretenses under which the settlement were made, was a faulty understanding of reality. Despite that, it doesnt give me the moral authority to lie for a piece of the faulty claim.
What I mean by that, is that we were told there was a breach, and that if we signed up for credit monitoring services we were entitled to money. We were told to use our time to freeze our accounts. That however, did nothing to protect us from what actually happened. A nation states military collected the data. That is arguably worse than it being used by cyber criminals to take out loans and credit cards. We were given the impression that we needed to protect ourselves from people opening accounts in our names or using the data to access accounts. That in no way reflects what risk we are actually exposed to.
Equifax put us in harms way of a MILITARY. Not petty identity theft. How do you even quantify what kind of threat that is? The settlement doesn't reflect that. It doesnt mean that despite the settlement not reflecting reality, that I should go say they owe me $125 dollars for credit monitoring services. Especially when damn near every bank in the country offers it for free. Tons and tons of press were saying "if you already have credit monitoring services, just fill out the form." It doesn't work that way, and because Im not getting compensated for a Military threat, doesnt make it ok to claim what I am not entitled to. It doesnt make up for it. There is no way to quantify what the monetary damage of the threat actually is. There is no way to know how 20 or 30 years down the road it could make travel more dangerous. Just because the settlement is wrong, doesnt make it right to file a false claim.
If people really did go pay for credit monitoring (not free stuff they signed up for or already had), or did spend lots of time freezing credit, they do deserve compensation for time wasted based on equifax giving us the wrong information. But since I was not harmed in the way they told me I was when they made the settlement, I shouldnt be ethically entitled to settlement money dolled out under false pretenses. Two wrongs don't make a right, nor do they make us whole.
>"Time Spent during the Extended Claims Period recovering from fraud, identity theft, or other misuse of your personal information caused by the data breach"
If we agree that the data has never left the government that collected it; we can determine there was no fraud, identity theft, or misuse, then I could not have spent time "recovering from it." How do you even know how to "recover" from a military collecting data on you?
>Which doesn't seem like a fair stipulation to the ~150 million impacted people.
The real victims could be large organizations who are penetrated using the data to answer security questions or verifications. I still find it unlikely this data has yet been used in a direct attack against the impacted people.
This all stemmed from me asking if providing false information to a claim could make you ineligible. I would consider it false information to say "i was directly attacked and spent time performing recovery actions and had money stolen from me" due to this breach (as far as we know, nobody has yet had an incident because of it, and there is no actual way to recover, short of an emp burst), or to claim that the free credit monitoring I already had counts towards some kind of time wasted credit. It is my opinion, that the intent of "Time Spent during the Extended Claims Period recovering from fraud" IMPLIES there was some kind of fraud that occurred to some people, and that isnt the case. And the large claims against this settlement are for MONEY LOST due to direct attacks. Those are the types of settlement claims I am asking if could be made invalid.
This is what the settlement site says right now.
>If you were impacted by the Equifax data breach, you may seek reimbursement for valid Out of Pocket losses or Time Spent (excluding losses of money and time associated with freezing or unfreezing credit reports or purchasing credit monitoring or identity theft protection) incurred during the Extended Claims Period if you have not received reimbursement for the claimed loss through other means.
>Out-of-Pocket Losses during the Extended Claims Period resulting from the data breach up to $20,000.
It is an odd magicians distraction, a ruse of sorts. Their settlement covers events that didn't occur to anyone, and imply the wrong future risks. Anybody who applied for this part of the claim gave false information. IF nobody had true out of pocket losses (excluding credit monitoring or time freezing) there is no legitimate claim for this part of the settlement. QED.
If they can prove that the data never leaked, then everyone's claim becomes invalid, because you didn't suffer any losses from the breach.