Equifax data breach victims will get "nowhere near" $125 promised

Users whose personal data was compromised in the disastrous Equifax data breach will receive a fraction of the $125 promised should they choose cash as their preferred means of compensation.

The Federal Trade Commission has warned users against applying for compensation in cash and instead opt for a free credit rating service.

The warning comes after a website hosted by the agency, designed to let potential victims check whether they were affected during the 2017 breach, was flooded with requests in the days after its launch.

"The public response to the settlement has been overwhelming. Millions of people have visited this site in just the first week," the agency said.

It added each person claiming cash "is going to get a very small amount" which will stand "nowhere near the $125 they could have gotten if there hadn't been such an enormous number of claims filed".

Despite setting the maximum level of compensation at $125 per person, the actual amount made available for these kinds of payments was set at just $31,000,000.

Claimants should now expect to be "disappointed with the amount you receive" because the $700 million settlement has seen such an overwhelming response, with millions of people visiting the site in its first week.

The figures suggest that the FTC and Equifax only made provisions for roughly 248,000 data breach victims to claim the maximum level of compensation. This is from a pool of an estimated 147 million compromised accounts.

Beyond this pool, a separate fund of up to $500 can be paid to those who spent time mitigating the effects of the breach, with $25 per hour paid for up to a total of 20 hours. This includes actions like fighting identity fraud with banks.

Alternatively, victims can file a claim for free credit monitoring, in which people are entitled to at least four years of free monitoring at Equifax, Experian and TransUnion, as well as $1 million of identity theft insurance. The FTC claims the market value for this last product is hundreds of dollars per year.

The Equifax breach was, without doubt, one of the biggest security disasters of recent history, with bad patch management the tip of an iceberg that saw attackers steal the details of 147 million people.

The UK's Information Commissioner's Office (ICO) slapped the firm with a maximum 500,000 fine for failings under the Data Protection Act 1998, on behalf of the 15 million UK-based victims. Under the EU's General Data Protection Regulation (GDPR), this financial penalty could have been many factors higher should the breach have occurred after 25 May 2018.

Keumars Afifi-Sabet
Features Editor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.