FTC: Equifax data breach: Pick free credit monitoring

July 31, 2019

by Robert Schoshinski               

Assistant Director, Division of Privacy and Identity Protection

Just last week, the FTC and others reached a settlement with Equifax about its September 2017 data breach that exposed personal information of 147 million people. We’ve told you to go to ftc.gov/Equifax, where you can find out if your information was exposed and learn how to file a claim with the company in charge of the claims process.

The public response to the settlement has been overwhelming, and we’re delighted that millions of people have visited ftc.gov/Equifax and gone on to the settlement website’s claims form.
But there’s a downside to this unexpected number of claims. First, though, the good: all 147 million people can ask for and get free credit monitoring. There’s also the option for people who certify that they already have credit monitoring to claim up to $125 instead. But the pot of money that pays for that part of the settlement is $31 million. A large number of claims for cash instead of credit monitoring means only one thing: each person who takes the money option will wind up only getting a small amount of money. Nowhere near the $125 they could have gotten if there hadn’t been such an enormous number of claims filed.

So, if you haven’t submitted your claim yet, think about opting for the free credit monitoring instead. Frankly, the free credit monitoring is worth a lot more – the market value would be hundreds of dollars a year. And this monitoring service is probably stronger and more helpful than any you may have already, because it monitors your credit report at all three nationwide credit reporting agencies, and it comes with up to $1 million in identity theft insurance and individualized identity restoration services.

For those who have already submitted claims for this cash payment, look for an email from the settlement administrator. They’ll be asking you for the name of the credit monitoring service you already have. Or, if you want to change your mind, you’ll have a chance to switch to the free credit monitoring. You can also email the settlement administrator, JND, at info@EquifaxBreachSettlement.

Please also note that there is still money available under the settlement to reimburse people for what they paid out of their pocket to recover from the breach. Say you had to pay for your own credit freezes after the breach, or you hired someone to help you deal with identity theft. The settlement has a larger pool of money for just those people. If you’re one of them, use your documents to submit your claim.

 

FTC Alert - Capital One data breach: Time to check your credit report

July 30, 2019

by Seena Gressin               

Attorney, Division of Consumer and Business Education

If you needed yet another nudge to start keeping an eye on your credit report to protect against identity theft, Capital One has delivered it with its announcement that a data breach has exposed the personal information of 106 million of its credit card customers and credit card applicants in the United States and Canada.

News of the Capital One breach comes just one week after the Federal Trade Commission announced that Equifax agreed to pay up to $700 million to settle a lawsuit brought by the FTC, the Consumer Financial Protection Bureau, and 50 states and territories, stemming from the credit reporting giant’s 2017 data breach, which affected about 147 million people.

In the Capital One breach, 100 million people in the United States and 6 million in Canada were affected. According to the bank, most of the stolen information came from the credit card applications of consumers and small businesses. The information includes names, dates of birth, addresses, phone numbers, and more, all from applications filed between 2005 and early 2019.

For credit card holders, the stolen information includes credit scores, credit limits, balances, payment history, contact information and some transaction data. The bank says the hacker also stole about 140,000 Social Security numbers, 80,000 linked bank account numbers of secured credit card holders, as well as the Social Insurance Numbers of about one million Canadians.

Capital One has posted information about the breach and says it will notify the people affected and offer them free credit monitoring and identity protection services. However, whether or not you were affected, there is no time like the present to check your free credit report and take other steps to protect against identity theft.

Check out these articles to read the basics about credit reports and credit monitoring. And one more thing: a data breach is a magnet for scammers. Be alert to emails and calls pretending to be from Capital One or the government. Neither the bank nor the government will send an email or call you to ask for credit card or account information or your Social Security number.
Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

 

FTC: Equifax Data Breach Settlement: How to Claim Your Benefits

July 25, 2019

by Alvaro Puig               

Consumer Education Specialist, FTC

Earlier this week, we told you that roughly half the people in the country can get benefits under a settlement that the FTC and others reached with Equifax. Now, you can now find out if you were affected by the September 2017 breach and make your claim for benefits.

Start at ftc.gov/Equifax. There, you can use a tool to find out if your information – like your Social Security number (SSN) – was exposed in the breach, learn about benefits, and start your claim to get free credit monitoring and maybe even cash. If your info was exposed in the breach, the settlement will give you up to 10 years of free credit monitoring. That means you’ll get an alert whenever somebody checks your credit history, opens a new loan or credit card in your name, or says a payment is late. So if somebody has, say, your SSN and tries to use it to get a loan, this free credit monitoring service would let you know right away.

That’s the kind of information that might make a real difference when you apply for a job, try to rent an apartment, or apply for credit.

And a word on the cash: there are several ways to get reimbursed for the time or money you spent dealing with the after-effects of the breach. Read more at ftc.gov/Equifax, but here’s something to consider. To get paid back for up to ten hours of your time, you just need to say what you were doing for those ten hours.

 

FTC Alert: Equifax Data Breach Settlement: What You Should Know

July 22, 2019, by Alvaro Puig               

Consumer Education Specialist, FTC

In September of 2017, Equifax announced a data breach that exposed the personal information of 147 million people. Under a settlement filed today, Equifax agreed to spend up to $425 million to help people affected by the data breach. If you were affected by the Equifax breach, you can't file a claim just yet. That's coming. But you can sign up for FTC email alerts about the settlement at ftc.gov/Equifax.
(Not sure that you were affected? The breach claims site will have a tool to let you check. Sign up for an FTC email update to find out when that tool is up and running.)

Here’s what you need to know about the settlement.

Benefits Available To You

If you were affected by the breach, you may be eligible for benefits.

1. Free Credit Monitoring or $125 Cash Payment

You can get at least 4 years of free credit monitoring of your credit report at all three credit bureaus (Equifax, Experian, and TransUnion). On top of that, you can get up to 6 more years of free credit monitoring of your Equifax credit report. That’s a total of 10 years of free credit monitoring. (Minors affected by the breach are eligible for even more free credit monitoring.)
If you have credit monitoring that will continue for at least 6 months and you decide not to enroll in the free credit monitoring offered in the settlement, you may be eligible for a cash payment of $125.

2. Reimbursement for Your Time and Other Cash Payments

You may be eligible for reimbursement and cash payments up to $20,000 for:

• time you spent protecting your identity or recovering from identity theft, up to 20 hours at $25 per hour
• money you spent protecting your identity or recovering from identity theft, like the cost of freezing or unfreezing your credit report or unauthorized charges to your accounts
• up to 25% of the cost of Equifax credit monitoring or identity protection products you bought between September 7, 2016 and September 7, 2017

3. Free Identity Restoration Services

You are eligible for free identity restoration services for at least 7 years that you can use if someone steals your identity or you experience fraud.

Next Steps

The claims process will start after court approval. To learn more about the settlement, go to ftc.gov/Equifax. We’ll update that page when there’s new information.
You can also sign up to get FTC email updates about this settlement.
If you were affected by the breach, you may also receive an email notification after the court approves the settlement. The notification will provide more information about the settlement, the benefits available to people impacted, and how to request the services offered under the settlement.

Facebook Users Alert: July 24th,'19, What the FTC Facebook settlement means for consumers

July 24, 2019

by Lesley Fair               

Attorney, Division of Consumer & Business Education, FTC

The next time users visit Facebook, things might not look different, but big changes are brewing behind the scenes. The FTC’s record-breaking $5 billion settlement requires Facebook to conduct a massive overhaul of its consumer privacy practices. The settlement also makes major changes to Facebook’s operations and CEO Mark Zuckerberg no longer has sole control over privacy.
First, some background. Facebook is a social networking site, but it makes money by serving up targeted ads based on users’ personal information. Many consumers are hesitant about sharing certain data, so Facebook calms that concern by promising that people can control the privacy of their information through the platform’s privacy settings.

The FTC sued Facebook in 2012 for making misleading promises about the extent to which consumers could keep their personal information private. For example, Facebook told users they could select settings to make information available just to “friends.” But despite that promise, Facebook allowed apps used by those friends to access consumers’ information, a decision that put money in Facebook’s pocket. The 2012 FTC order put penalties in place if Facebook made misleading statements in the future about consumers’ control over the privacy of their personal information.
According to the FTC, that’s just what happened. Facebook violated the order by again giving companies access to information that consumers said they didn’t want to share. The FTC also alleges Facebook made other misleading statements about how it used facial recognition, consumers’ cell phone numbers, and other personal data.
Here are three things to know about the FTC’s history-making settlement with Facebook.

Facebook will pay the largest civil penalty by anyone anywhere ever in a privacy case.

The $5 billion settlement is one for the record books. It’s the largest civil penalty ever imposed on a company for violating consumers’ privacy and it’s one of the largest penalties assessed by the U.S. government for a violation of any kind. That tells you just how seriously the FTC takes it when companies break their privacy promises. The settlement also sets a new benchmark if companies fail to honor their promises in the future. (In case you’re wondering about the $5 billion, by law, it goes to the general fund of the U.S. Treasury. It does not go to the FTC.)

The settlement requires fundamental changes at Facebook and removes CEO Mark Zuckerberg as the company’s consumer privacy decision maker.

The order establishes a new era of privacy transparency at Facebook and at WhatsApp and Instagram, which Facebook owns. It creates an independent committee of Facebook’s board of directors to oversee privacy decisions and requires an independent third-party assessor to evaluate the effectiveness of Facebook’s privacy program. Mark Zuckerberg also must certify every quarter that Facebook is in compliance with the new privacy program. Any false certification will be subject to civil – and criminal – penalties.

As Facebook puts its new privacy program in place, consumers should take a fresh look at their settings. 

How much personal information do you really want to share? A platform’s default settings may not be your most privacy-protective option. Whether it’s Facebook or any other platform, revisit your toolbars, privacy settings, etc., to make sure the system is set up to honor your choices and preferences.