> If you can prove the data has never been made available, you can prove it wasnt used.
Considering that Equifax announced they experienced a data breach, it is clear the data has been made available to someone that isn't Equifax. So I don't know why we're entertaining that avenue, when it's admitted that the data has left the purview of the entity to which it was trusted.
I think we agree that it's very hard if not impossible to determine the source of identity theft. I believe that even if the data were made public, we would not be any closer to making most of those determinations. Which is why whether or not we've "seen" the data from this breach, to me, is immaterial - the fact that the breach happened in the first place caused people to enroll in credit monitoring, suffer emotional distress, and other quantifiable damages/expenses that would not have happened had there not been a breach.
That all seems to be perfectly within the scope of "time spent recovering from [...] other misuse of your personal information caused by the data breach" outlined on the settlement website[0] as validity to a claim. The "misuse of [my] personal information" happened the moment the data left Equifax's servers. It has nothing to do with whether the data got used for identity theft (yet) or shared by the thieves.
It does not say "you must prove that the pieces of your identity that were stolen came specifically from this data breach", or "if it turns out whoever stole the data sits on it for a while, then you don't get compensated" -- these are impossible stipulations, and we should hold Equifax to a higher standard in this landmark case.
Considering that Equifax announced they experienced a data breach, it is clear the data has been made available to someone that isn't Equifax. So I don't know why we're entertaining that avenue, when it's admitted that the data has left the purview of the entity to which it was trusted.
I think we agree that it's very hard if not impossible to determine the source of identity theft. I believe that even if the data were made public, we would not be any closer to making most of those determinations. Which is why whether or not we've "seen" the data from this breach, to me, is immaterial - the fact that the breach happened in the first place caused people to enroll in credit monitoring, suffer emotional distress, and other quantifiable damages/expenses that would not have happened had there not been a breach.
That all seems to be perfectly within the scope of "time spent recovering from [...] other misuse of your personal information caused by the data breach" outlined on the settlement website[0] as validity to a claim. The "misuse of [my] personal information" happened the moment the data left Equifax's servers. It has nothing to do with whether the data got used for identity theft (yet) or shared by the thieves.
It does not say "you must prove that the pieces of your identity that were stolen came specifically from this data breach", or "if it turns out whoever stole the data sits on it for a while, then you don't get compensated" -- these are impossible stipulations, and we should hold Equifax to a higher standard in this landmark case.
[0]: https://www.equifaxbreachsettlement.com/