Equifax settles with FTC over 2017 breach, but consumers unlikely to see full returns


At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here’s an explanation for

The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired.

The Federal Trade Commission recently announced its settlement with Equifax following the credit bureau’s 2017 security breach that affected 147 million American consumers.

As part of the settlement, up to $425 million was designated to help people affected by the breach. Originally, consumers who were affected could file a claim to receive either a $125 payout or a decade of free credit monitoring.

After “overwhelming” public response, however, it’s now unlikely that any claimants will receive a payout equal to the amount originally stated.

“A large number of claims for cash instead of credit monitoring means only one thing: each person who takes the money option will wind up only getting a small amount of money,” said Robert Schoshinski, assistant director of the division of privacy and identity protection, in a blog post on the FTC website Wednesday. “Nowhere near the $125 they could have gotten if there hadn’t been such an enormous number of claims filed.”

The details

According to the FTC, though the settlement designated at least $300 million and up to $425 million to help consumers, just $31 million of that was set aside for the cash payout option.

In the original notice, consumers were given the option to choose between up to 10 years of free credit monitoring services or, for those who already have credit monitoring services, a $125 cash payment.

Those affected may also be able to claim compensation for time spent dealing with the breach ($25 per hour up to 20 hours) and for any identity theft that can be traced to the breach (up to $20,000), making up the rest of the designated funds.

Should you file a claim?

If you were one of the 147 million people affected and have not filed your claim with the FTC, it’s still worth taking the time to do so, says Ted Rossman, industry analyst at Bankrate.

You can determine your eligibility here and file your claim here.

The FTC is encouraging those who haven’t yet filed a claim to opt for the credit monitoring option. However, there are plenty of free credit monitoring services out there that you can take advantage of, including from Bankrate, which means claiming the cash payout from Equifax is likely still the better option for many consumers. You can ensure your credit is safe and receive the payout as an added bonus, even if it’s unlikely to be any amount near $125.

But your precautionary measures shouldn’t end there. Especially as major data breaches continue to affect millions of customers of popular brands like Marriott and, most recently, Capital One, it’s more important than ever to ensure your information is protected.

“Credit monitoring and checking your credit reports and bank/credit card statements are good, but are supplements,” Rossman says. “These will just tell you there was a problem, rather than preventing it from happening in the first place.”

Next steps

“My top tip is to freeze your credit,” Rossman says. “That’s the best way to prevent criminals from opening unauthorized accounts in your name. It’s free, quick and easy. Contact Equifax, Experian and TransUnion to do this. I froze my credit with all three bureaus online in less than 10 minutes total.”

In addition to credit freezes and monitoring systems, take it upon yourself to review your credit card and bank statements as well as your credit reports regularly to ensure nothing is awry. Nobody knows your financial situation better than you, and you can be the first line of defense against any fraudulent accounts or spending that occurs in your name.

It’s also important to develop strong alphanumeric passwords, don’t repeat passwords and update passwords on all accounts regularly.

Rossman cites a recent CreditCards.com survey that found more than 80 percent of adults are guilty of reusing passwords and most internet users who do reuse passwords use the same password at least half (61 percent) or all (22 percent) of the time.

“If you find it hard to remember all of your different logins, use a password aggregator such as LastPass to do it for you,” he says. “They’ll create secure, unique passwords for all of the sites you visit and you only have to remember one master password.”

And though there isn’t much you can do to prevent massive data breaches from occurring, you can help prevent fraud at an individual level by staying aware of the ways in which you may be putting your data at risk.

“That CreditCards.com survey found about half of Americans had done sensitive business over public Wi-Fi over the past year, about a third carry their Social Security Card on a daily basis and 28 percent throw out sensitive mail without shredding,” Rossman says. “Don’t commit these data security sins.”