Some consumers hoping to get compensation for a massive 2017 data breach at credit bureau Equifax are running into trouble: The settlement site’s eligibility tool seems glitchy, phone lines are jammed, and fake websites are trying to sucker people into divulging personal data.
Equifax agreed to the settlement after it failed to patch a known vulnerability, which exposed the personal data of about 147 million U.S. consumers. The settlement includes an initial restitution fund of $380.5 million to cover settlement benefits, legal fees and administrative costs.
If you’ve been affected, beware of these pitfalls:
You may be targeted by scammers
Be suspicious of banner ads, emails and phone calls about the breach settlement. The Federal Trade Commission warned consumers Monday about scammers setting up fake websites to steal people’s identifying information or charging people for representation.
“No good fraudster ever allowed a breach or disaster to go by without trying to find ways to use it as an opportunity,” said Adam Levin, a consumer advocate and identity theft expert.
Go directly to the official website or call the settlement administrator at 833-759-2982 to check your eligibility. Signing up is free.
You may run into settlement website issues
The website is run by settlement administrator JND Legal Administration, not Equifax. It includes a tool to see if you were affected; you enter your last name and the last six digits of your Social Security number. There’s a claim form to use if you are affected. However, consumers have noticed glitches:
- The tool has returned conflicting results for the same name and Social Security number combination.
- Some users noticed that pairing a random “123456” with several common last names returned a result of “affected” by the data breach. That raises questions about how the matching is being done.
- The claim form has permitted users to sign up for remedies that are supposed to be mutually exclusive: the offer of free credit monitoring or a cash payment. Users were given approvals and confirmation numbers for both, rather than being refused because they’d already signed up for one. When confirmation numbers were entered to check the status, both showed “received.”
“You want to have faith in the integrity of the settlement,” Levin said. “If it’s an issue where you can go in there and you’re eligible, you’re not eligible, but wait a minute, you are eligible again … people are going, ‘What am I really entitled to?’”
It’s unclear how administrators will determine which claims are legitimate. The website FAQs advise consumers to try all names they have used, such as maiden and married, and to use the name that returned an “affected” result when filing a claim.
Attempts to reach JND for comment by phone and email were unsuccessful. On Tuesday, the main number was being answered by a recording directing people with Equifax questions to call the settlement line.
A representative who answered the settlement phone line Monday said that it is not possible to sign up for both monitoring and the alternative cash reimbursement. If a consumer was somehow able to do so, the requests would probably cancel each other out and the consumer would end up with nothing.
Levin said that would be unfair. There’s no way to know if people forgot they had already filed or if their compromised data was used by someone else to file a claim.
The Identity Theft Resource Center, a nonprofit that helps identity theft victims recover, recommends taking things slowly. “Filing without thinking through all of the possibilities or having all the supporting documentation could shortchange your identity hygiene in the long run,” a post on its website warns.
Taking the money? You’re likely to get less than you hoped
The homepage of the settlement website walks affected consumers through their choices. The first is choosing between free credit monitoring or a cash payment if they already have credit monitoring.
While the FAQ section makes it clear that the cash payment is “up to” $125, the initial settlement page does not. If you choose cash, you’re likely to get less than that.
Here’s why: The settlement provides a $31 million fund to pay these claims. If there are enough claims to drain that fund, the amount each person gets will drop as the money is distributed proportionally. If more than 248,000 claims are approved — less than one-fifth of 1 percent of the 147 million consumers affected — claimants will get less than $125.
In addition, you can seek reimbursement of $25 per hour for time spent dealing with the breach. You can claim up to 10 hours without supplying supporting documentation. But if you are hoping to collect $250, you may be disappointed.
Again, the payments depend on how many people apply. There is another pool of $31 million set aside for these claims, and the payout will be reduced for everyone proportionally depending on how many apply.
If you do nothing, you get nothing
You have deadlines that affect your rights:
- You have until Jan. 22, 2020, to opt into the settlement by making a claim. By opting in, you give up the right to pursue separate legal claims over the data breach.
- You have until Nov. 19 to opt out of the settlement and retain your right to sue Equifax separately. You give up the option to get the remedies offered in the settlement. You must opt out by postal mail; you can’t do it via the website.
- If you do neither of the above, you lose the ability to pursue legal claims related to the data breach once the settlement becomes final.
How can you protect yourself?
The best protection, whether your data has been compromised or not, is to freeze your credit .
Experts consider a credit freeze the strongest protection because it closes off access to your credit reports. If a criminal tries to open credit in your name, they will likely fail because most creditors won’t open an account without being able to check your credit history.
More From NerdWallet