If your information was compromised during the massive 2017 Equifax data breach, you could be entitled to up to $20,000.
On Monday, Equifax agreed to pay nearly $700 million to settle federal and state investigations into how it handled a massive data breach that affected nearly 150 million people.
The settlement includes $425 million to directly help consumers affected by the breach. The restitution fund will start with $300 million dedicated to consumer compensation, with an additional $125 million at the ready if the initial funds run out.
The Federal Trade Commission opened up the online claims process on Wednesday, where affected consumers can file a digital form (or print one out and send it in) to claim some of that settlement. The deadline to submit a claim is January 22, 2020.
The settlement provides a cash payment of up to $20,000. “Go into this with your eyes open,” Charity Lacey, VP of communications at Identity Theft Resource Center, tells CNBC Make It. “Part of this claims process really puts the onus on the consumer to justify that they deserve that.”
Here’s what you need to know before you file.
Are you eligible?
The Equifax data breach was one of the largest in history, with about 56% of Americans affected. Hackers were able to get access to a multitude of consumers’ private information, including names, Social Security numbers, dates of birth, credit card numbers and driver’s license numbers.
You can use this online tool to submit your last name and the last six digits of your Social Security number to see if your information has been compromised.
What does the claim cover?
There are four types of relief you can claim from Equifax under the terms of the settlement:
Credit monitoring: Affected consumers will have the opportunity to receive at least four years of credit-monitoring services through Experian and up to an additional six years of monitoring with Equifax. If you already have credit monitoring in place, you can request a $125 cash payment.
Time loss: Consumers can submit claims for any time they had to spend dealing with data breach — $25 per hour, up to 20 hours, according to the FTC. The claims form notes that if you claim 10 hours or less of compensation, you’ll need to write out the actions you took and an estimate of the time you spent on each task. If you claim over 10 hours, you need to submit supporting documents “showing fraud, identity theft, or other misuse of your personal information.”
Monetary loss: Consumers will be able to claim up to $20,000 for any losses or fraud that were the results of the breach or any out-of-pocket expenses they may have incurred, such as paying to freeze and unfreeze their credit reports. You’ll need to attach supporting documents, such as receipts, to show how much money you spent.
Partial reimbursement for Equifax credit monitoring: If you paid for Equifax credit monitoring or identity theft protection subscription from September 7, 2016 to September 7, 2017, you can be reimbursed for up to 25% of your subscription payment.
What should you claim?
Submitting a claim can be “overwhelming,” so take it slow, Lacey says. At the very least, you should claim the free credit monitoring for up to 10 years. “There should be no reason whatsoever not to file, especially the basic claim — the credit monitoring — or if you have credit monitoring, the claim for $125,” says Jack Gillis, executive director of the Consumer Federation of America. This is probably what most consumers will file for, Gillis adds.
If you plan to file a claim for time or monetary loss, you’ll want to gather your documentation before you even start filling out the online claims form. Documenting any time or money you spent because of this breach will be crucial to receiving compensation. “If you don’t have good records, you may not be able to see the full benefit of what the settlement is providing,” Lacey says.
When thinking through your potential compensation, cast a wide net, says Allen St. John, a technology and privacy expert with Consumer Reports. “They’re never going to give you more than you ask for,” he tells CNBC Make It. Make sure you include not only the time you spent at the bank, but also your travel time getting to your local branch. “Your time and your money are valuable,” St. John says, so make sure you are properly reimbursed.
Be as clear as possible when submitting information, and keep copies of everything including any documents you submit and also the completed claim form. St. John recommends taking screenshots.
Keep in mind that you can only really claim reimbursement for the time and money you lost — not any future harm or emotional turmoil you may have suffered. “It’s unlikely that many consumers will get the full $20,000 — not only because they won’t be able to find the documentation, but because it didn’t actually cost them $20,000.” Now it may have cost them $100,000 in angst, anxiety, pain and mental stress, but that’s not at issue, Gillis says.
It may also be worth waiting, Lacey says. If you’re in a rush you may forget to include some of the steps you took. Plus, consumers have until November to file objections to the settlement and that may have an impact, she says. “You don’t have to hit ‘submit’ today,” Lacey says.
What happens if you don’t file a claim?
Under the terms of the settlement, there are services that you are entitled to — even if you don’t file an official claim, the FTC says.
The biggest benefit: increased access to free credit reports. Starting next year, you can request up to six additional free credit reports per year from Equifax through 2027. This is in addition to the one free credit report all Americans can request annually from each credit bureau — Equifax, Experian and Transunion.
The settlement also allows anyone whose information was accessed to get free assisted identity restoration service for at least the next seven years. This service will help you fix any fraud or identity theft issues caused by the breach. If you believe you’ve been a victim of fraud caused by the breach, call the settlement administrator at 1-833-759-2982.
Going forward, Lacey says it’s important for consumers to take breach notifications seriously and document what you do in response. The Identity Theft Center’s ID Theft Help app has a case log manager tool that can help you track any actions you take in response to a breach.
“This may be the new norm when it comes to these things,” Lacey says.