Connect with us

Hi, what are you looking for?


Incident Response

Wednesday is Deadline for Claims in 2017 Equifax Data Breach

Wednesday is the deadline to seek cash payments and claim free services as part of Equifax’s $700 million settlement over a massive data breach.

Wednesday is the deadline to seek cash payments and claim free services as part of Equifax’s $700 million settlement over a massive data breach.

The breach in 2017, affecting 147 million people, was one of the largest ever to threaten private information. The compromised data included Social Security numbers, birth dates, addresses, driver license numbers, credit card numbers and in some cases, data from passports. Criminals can use those bits of personal information to commit identity theft.

Equifax’s settlement with the U.S. government entitles affected consumers to free credit-monitoring and identity-restoration services for the next several years. Consumers may also be eligible for money for their time or reimbursement for certain services.

You can make a claim if you can show you suffered identity theft “fairly traceable” to the breach or if you can document you spent time and money dealing with securing your credit because of the breach, even if you weren’t subject to identity theft. That could include signing up for credit-monitoring services.

Here is what you need to know about the settlement and what actions you can take:


You may be eligible for up to $20,000 in reimbursements for losses from unauthorized charges to affected accounts, legal and other fees, credit-monitoring or identity-theft-protection services and expenses related to freezing or unfreezing credit reports. For the time spent dealing with the breach, you can seek $25 per hour for up to 20 hours as compensation.

Advertisement. Scroll to continue reading.

All impacted consumers are eligible to receive 10 years of free credit monitoring, at least seven years of free identity-restoration services, and, starting in 2020, six free copies of their Equifax credit report each year for seven years. That’s on top of the free copy you can already get by law every 12 months from each of the three big agencies — Equifax, Experian and TransUnion. For minors, free credit monitoring increases to 18 years.

You can opt instead for a cash payment of up to $125 for a credit-monitoring product of your choice. However, the Federal Trade Commission warns that consumers are likely to get far less because of “overwhelming” public response to the settlement. The cash payments come from a fixed pot of $31 million, and if too many people apply, the pool of money is distributed proportionally.

According to the FTC, “each person who takes the money option is likely to get a very small amount. Nowhere near the $125 they could have gotten if there hadn’t been such an enormous number of claims filed.” The FTC said that while cash remains an option, “you will be disappointed with the amount you receive and you won’t get the free credit monitoring.”

The FTC warning is directed at the $125 option, though the settlement administrator says the payments for time spent will also likely be substantially reduced because of similar caps.


You should examine the listed accounts and loans to make sure that the information is correct and that you authorized the transactions. If something is suspicious, contact the company that issued the account and the credit-rating agency.

You should consider freezing your credit, which stops thieves from opening new credit cards or loans in you names. It can be done online. You can now freeze your credit for free because of recent legislation, avoiding fees that were typically $5 to $10 per rating agency. Just remember to temporarily unfreeze credit, also free, when applying for a new credit card or loan.


You must submit a claim to receive any of the benefits.

The settlement administrator has a tool you can check to see if you were affected by the data breach. You can also file a claim there. Claims must be submitted online or postmarked by Wednesday.

The administrator’s website is at The FTC also has an Equifax website at

Regulators suggest that you save any documents related to your efforts to avoid or recover from identity theft.


It’s unclear who will benefit the most from this agreement.

While the settlement does provide some financial relief, which experts said is unusual for these kinds of cases, they said it doesn’t go quite far enough for consumers.

National Consumer Law Center staff attorney Chi Chi Wu has said that while the settlement provides some compensation for known victims now, there isn’t a good mechanism to address consumers who might suffer identity theft or other fallout many years down the road.

The settlement does have a provision for losses and time spent after Wednesday’s deadline. You have four additional years to make such claims. But whether you get anything depends on whether there’s money left, and such claims will be paid on a first-come, first-served basis.

Additionally, it’s a challenge to prove harm specifically from Equifax, as there are so many breaches. In fact, the company has insisted it hasn’t seen much of an increase in identity theft. But if someone becomes a victim, it’s difficult to say whether the identity theft happened because one breach or another — or some combination.

Related: Equifax Ordered to Spend $1 Billion on Data Security Under Data Breach Settlement

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...