Consumers whose personal information was exposed by the 2017 Equifax data breach are running out of time to receive compensation, though the amount is likely to be far less than many had hoped.
The deadline for seeking reimbursement for time, losses and out-of-pocket expenses from the breach, which affected more than 145 million U.S. consumers, is Jan. 22.
Last July the Federal Trade Commission opened a claim process to distribute as much as $425 million to compensate the millions of victims of the Equifax data breach as part of the company's $700 million settlement with the commission, which was finalized this week in U.S District Court in Georgia.
The limit for individual claims is $20,000, although a claim that large requires substantial documentation and may not be paid out in full.
Initially, the FTC announced that affected consumers would receive at least four years of free monitoring from the three major credit rating agencies through Experian and up to six more years of free, one-bureau credit monitoring through Equifax.
Consumers who already had credit monitoring in place could receive a cash payment of up to $125 without providing any documentation. After seeing an initial flurry of claims, the FTC did an about-face last fall and began requiring documentation from consumers requesting cash in lieu of the credit monitoring service.
While the credit monitoring remains an option, even if you have coverage, it's likely that any cash payments will be far less than the maximum of $125.
Ted Frank, an attorney for Hamilton Lincoln Law Institute who is planning to file an appeal of the Equifax class action settlement, explains that there are several "buckets" of funds for different parts of the settlement. The bucket for those seeking cash payments in lieu of the credit monitoring totals $31 million. A plaintiff's filing reported that as of a month ago, more than 4 million consumers had already filed for the cash.
"Do the math," says Frank. "Divide $31 million by over 4 million and you get [around] $7."
The FTC's site echoes this caution: "The amount that you receive may be substantially less than $125, depending on the number of claims that are filed."The best approach to the claim process depends on the extent of your losses. If you were the victim of identity theft that cost you a significant amount of money, it makes sense to gather the receipts and other supporting documents required for a larger claim that approaches the $20,000 individual limit.
If you simply spent time researching your options and locking down your accounts, you can make a less detailed claim that will provide you with a little cash and/or free credit card monitoring and identity theft restoration services.
How to file a claim
Step 1: Use this link to access the claim process. Then scroll down to “Find Out if Your Information Was Impacted” and click on that link. After entering your last name and the last six digits of your Social Security number, you’ll instantly get an answer about whether your data was exposed and if you’re eligible to file a claim.If the answer is yes, click on File a Claim Today toward the top of the page. CR’s tip: If you’re a parent, remember to check your kids’ Social Security numbers, which are especially valuable to identity thieves.
Step 2: On the next page, you'll find your options for filing. Filing online is the most convenient, but you can also download a form and return it to the following address:
Equifax Data Breach Settlement Administrator c/o JND Legal AdministrationP.O. Box 91318Seattle, WA 98111-9418 CR’s tip: Claims for minors must be sent by mail.
Step 3: Next, you’ll see your options for reimbursement and fields where you’ll fill out your personal information. CR’s tip: Remember that “Alternative Names” is a good place to include your maiden name.
Step 4: In Section 1, you get the option of free credit monitoring from Equifax, Experian, and TransUnion or a cash payment of up to $125. To get the cash, you must certify that you have credit monitoring and will keep it for six months and provide documentation. CR’s tip: Remember that some employers and financial institutions provide credit monitoring.
Step 5: In Section 2, you can request reimbursement for up to $500 (20 hours at $25 per hour) for time spent managing accounts affected by the breach. The first 10 hours require only a description of the time spent. For time beyond that, you must include supporting documents showing that your personal data was misused. The form asks you to supply the total amount of time spent on each task, the month and year, and a brief description of the task. CR’s tip: Think broadly. Account for time spent talking to a representative from a bank or a credit card company, but also include time spent waiting on hold. If you had to make a trip to the bank or another financial institution, that travel time counts, too. And include the time you spent filling out the claim itself.Note that the fund for reimbursement of time spent is limited to $31 million, so the amount of your check could depend on the number of other claimants and the size of their claims.
Step 6: Under Cash Payment, you can request reimbursement for up to $20,000 in losses, but you will need to document those expenses, except for any credit monitoring by Equifax that you paid for. As for identity theft costs, the FTC will accept claims for any unreimbursed losses following the breach’s start in May 2017, the commission notes, because it’s difficult to correlate a specific loss with a given data breach. CR’s tip: Out-of-pocket expenses can include money you spent on credit freezes or credit monitoring, postage, faxes, mileage, and telephone charges. Professional services from lawyers and accountants fall into this category, too.
Step 7: In Section 4, you can choose how to receive your reimbursement, and complete the process by signing the form electronically. CR’s tip: Unlike a check, the prepaid debit card doesn’t expire.