[HN Gopher] Over 275 days since Equifax's data breach settlement...
___________________________________________________________________
Over 275 days since Equifax's data breach settlement and no one has
been paid
Author : ProAm
Score : 290 points
Date : 2020-04-30 21:27 UTC (1 hours ago)
(HTM) web link (www.interest.com)
(TXT) w3m dump (www.interest.com)
| g051051 wrote:
| From the settlement web site:
|
| "The Court gave final approval to the Settlement and overruled
| all objections on January 13, 2020. However, some of those that
| objected to the Settlement have now appealed the Court's decision
| to approve the Settlement. By order of the Court, the Settlement
| cannot become final until all appeals are resolved and there is
| currently no timeline for the resolution of these appeals. When
| the appellate court enters a schedule for the appeal, we will
| update this website to provide individuals with more guidance as
| to the timing of a decision. Please check back for further
| updates."
| markus_zhang wrote:
| No idea why but I always feel any company dealing with blackbox
| credit rules are very fishy...wish there is a way to remove them
| away from the financial system.
| 317070 wrote:
| Here's the thing, as far as I know, Europe does not have those
| companies. So it definitely should be possible to do without
| them...
| npstr wrote:
| That is not true. It is almost impossible to rent a flat in
| the larger cities of Germany without showing a positive
| credit record to the landlords. And requesting even small
| credits of a few k will have your credit rating checked and
| recorded that such a check happened.
| yalogin wrote:
| Come on now that is not quite true. Some politicians got paid to
| make this thing go away with a legislation.
| hwc wrote:
| I want to sue the credit agencies for stalking me.
| dylan604 wrote:
| Would you need to first file a retraining order, or can you
| just jump straight into litigation?
| loeg wrote:
| In America, you can always jump straight to litigation. It
| doesn't mean you'll win, and Equifax almost certainly has
| deeper pockets than you do.
| 0xy wrote:
| The lawyers haven't finished looting the cash. Does anyone even
| care about the token amount of cash they're likely to receive?
| gouggoug wrote:
| It's not about the insignificant amount of money everyone will
| get out of it; it's about equifax being severely punished and
| fined, even though that settlement won't really change
| anything.
| nickff wrote:
| It seems like this is 'really about' a bunch of lawyers
| getting paid.
| 0xy wrote:
| You just described every class action lawsuit.
| whiskeykilo wrote:
| Exactly. Most people didn't even get picked for payment. I
| don't want a shitty monitoring service I want to see Equifax
| bleed
| chrisseaton wrote:
| > I want to see Equifax bleed
|
| This seems vindictive. Their behaviour should be corrected
| and other people deterred. We shouldn't be calling for
| blood!
| ggggtez wrote:
| Don't worry, it's only metaphorical blood. Equifax is
| just a concept, and can't be physically hurt.
| basch wrote:
| The data has never surfaced. I have to wonder if anybody who
| claims they had direct identity theft because of the breach
| automatically loses their claim.
|
| https://www.cnbc.com/2019/02/13/equifax-mystery-where-is-the...
|
| It's interesting that most coverage of the incident ignores that
| detail. I guess people really dont like to hear it because it
| doesnt fit their narrative. Whatever this interest.com article
| is, it has very little value. It reads like seo spam. It doesn't
| discuss any of the developments in the last three weeks, such as
| Chicago, Indiana, Massachusetts all working out settlements.
| bogomipz wrote:
| So in your "narrative" do social security numbers and other
| sensitive personal details have some sort of expiration date
| where if they don't "surface" within a certain time frame they
| are no longer useable?
| basch wrote:
| if they never surface, are they usable? if they are used by a
| government but not to steal, how do you quantify the damage?
| MattGaiser wrote:
| I'm surprised to just be learning that it was probably a
| governmental cyberattack.
| empath75 wrote:
| China at this point has an amazing blackmail database -- just
| correlate credit information with LinkedIn and Facebook data,
| and it's trivial to find people with clearances or access to
| corporate secrets that you can get leverage on. Combine that
| with their attempted purchase of Grindr and other dating apps
| and you see a pattern.
| basch wrote:
| Like I said, it doesn't fit the narrative of "data collectors
| = bad", it doesn't create the right emotional response, it
| doesnt help people hate equifax more, so it gets suppressed
| and immediately downvoted, on any forum.
|
| Equifax can both be negligent and immoral AND not have caused
| any systemic identify thefts (that we know of, yet) from the
| event. I do think "a foreign government got the data on me"
| drastically shifts what the future threat from the exposure
| is, which should also change the settlement that was made
| under the pretense of them leaking data to traditional
| identity thieves or a black market.
| martey wrote:
| > _Like I said, it doesn 't fit the narrative of "data
| collectors = bad", it doesn't create the right emotional
| response, it doesnt help people hate equifax more, so it
| gets suppressed and immediately downvoted, on any forum._
|
| Have you considered that this might be caused by blind
| spots in your own news consumption?
|
| For example, you previously linked to an article from 2019
| that suggest the breach might have been a governmental
| attack, but you seem to have ignored the fact that 4 PLA
| members were indicted in February. There was widespread
| news coverage about this, including multiple submissions on
| this very forum.
| https://news.ycombinator.com/item?id=22289826 does not look
| like it was "suppressed and immediately downvoted".
| akersten wrote:
| To be clear, are you saying that in order for a data breach to
| be considered legitimate, the plundered data needs to be
| released publicly?
| jedberg wrote:
| Part of the claims process for this settlement was stating
| that you suffered losses due to the breach.
|
| If they can prove that the data never leaked, then everyone's
| claim becomes invalid, because you didn't suffer any losses
| from the breach.
| luma wrote:
| To the contrary, it makes this story all the more
| interesting. It certainly brings a new wrinkle to a news
| event I hadn't thought about in a while.
| basch wrote:
| no, i dont think i said that.
| akersten wrote:
| Presuming you do think it is a legitimate data breach then,
| why did you suggest that victims should lose their claim to
| having been caught up in it?
|
| Do you not think their (and probably your, if you're
| American) position of anxiety and their personal
| information being used nefariously is worthy of being made
| right? The data does not need to "surface" for it to have
| been used to steal someone's identity.
| ksk wrote:
| I think the point OP was making that if the data hasn't
| surfaced, then you cannot confirm if a particular case of
| identity theft has been caused by the breach.
| akersten wrote:
| That's a fair line of thought, but their comment was:
| data hasn't surfaced -> can't know where an identity
| theft came from -> Equifax petitioners lose their right
| to the settlement
|
| When the reality is: Equifax agreed to pay a settlement
| -> Equifax has not yet paid yet (and whether the material
| surfaces or not was not a stipulation of the settlement
| that they agreed to)
| basch wrote:
| >data hasn't surfaced
|
| What it really comes down to, is if "data hasn't
| surfaced" means "we dont know if the data was used" or if
| "data hasn't surfaced" is something you can prove hasnt
| happened. It's the difference between "we dont know" or
| "we know your identity theft wasnt related to this."
| basch wrote:
| From a legal perspective, does providing incorrect
| information to a settlement somehow make your claim
| invalid?
|
| People were using the correlation of "I had an identity
| breach around this time, it must be causation" as part of
| their claim. If your identity is stolen by a different
| party, simultaneously, how do you legally have a right to
| use that against a different party?
|
| Did you read the article? The data likely hasnt been used
| yet, it was likely stolen by a government that is holding
| it for their own purposes, not using it for credit card
| theft.
| akersten wrote:
| > "I had an identity breach around this time, it must be
| causation" as part of their claim. If your identity is
| stolen by a different party, simultaneously, how do you
| legally have a right to use that against a different
| party?
|
| I don't quite follow - do you mean "leaked" by a
| different party simultaneously? If that's the case, then
| yes, maybe it is hard to tell which party's data got
| scooped up by the Bad Guys. And you'd have a hard day in
| court against even a single actor leaking your data in
| the US, since it's not a strict liability crime.
|
| In this case it doesn't matter. I did read the article:
| it says Equifax _agreed to a settlement_ and they need to
| pay out. They haven 't paid out yet. Whatever happens
| after that agreement doesn't retroactively invalidate the
| settlement. A settlement is to make the whole thing go
| away, regardless of whether the breach turned into an
| identity disaster or a Nothingburger.
| basch wrote:
| The settlement is an independent event from validating
| claims to the settlement.
|
| >I don't quite follow - do you mean "leaked" by a
| different party simultaneously?
|
| Yes
|
| And, from my limited understanding of the case, the
| settlement is not set it stone. There are still appeals,
| the settlement has not been accepted universally. They
| apparently dont need to pay out while they still have
| their days in court. https://outline.com/zL6mgP
|
| >Under the settlement terms, cash benefits cannot be
| paid, and credit monitoring, credit restoration and
| identity protection services remain on hold until the
| objectors' appeals are resolved.
| akersten wrote:
| The appeals to the settlement you linked are about the
| appropriate compensation for the plaintiffs, not about
| whether claimants are eligible.
|
| I'm not sure how one would prove their identify theft was
| _specifically due to Equifax 's data breach_ even if the
| leaked data were available, so I don't understand that
| that could be a condition for a claim to be valid. My
| interpretation is that your claim is valid if you had
| data with Equifax and you subsequently spent time or
| money establishing credit monitoring or identity theft
| resolution.
|
| If there's more to it than that, and Equifax has arranged
| the settlement such that a claimant has to somehow prove
| the source of their identity theft was Equifax, then yes,
| I agree even more strongly with the "Equifax bad"
| narrative you decried upstream. That would be impossible
| to prove, even if the data did surface.
| basch wrote:
| If you can prove the data has never been made available,
| you can prove it wasnt used.
|
| If you can prove that data existed previously, the data
| used came from somewhere else, you essentially prove it
| didn't come from this breach. You would do this by
| catching the people responsible for identity theft, and
| identifying what data source they used. It would be very
| unlikely for equifax or anyone to go through this trouble
| or risk the bad press of attacking victims (even if they
| are somebody elses victims.)
|
| >My interpretation is that your claim is valid if you had
| data with Equifax and you subsequently spent time or
| money establishing credit monitoring or identity theft
| resolution.
|
| I believe there were different types of claims, one being
| credit monitoring, and another that your data was used
| against you.
| cft wrote:
| Call me cynical, but when I read the news of the breach I went
| and bought EFX call options for 3 months. Because even though I
| am not sure whether the "deep state" exists or it's a conspiracy
| theory, I was somehow confident that I was making a good
| investment. It has paid off handsomely indeed.
| echelon wrote:
| When you buy calls but don't have the capital to exercise those
| calls, do brokerage services lend you the money to collect on
| the gains assuming your call is in the black?
|
| I have a pretty good stock portfolio, but I haven't dipped my
| toes into the call/put, futures, derivatives, "iron condors",
| etc. world yet.
| cft wrote:
| In that case you simply sell the call, instead of exercising
| (assigning) it. I switched to selling puts instead since
| then.
| echelon wrote:
| Are your puts covered? How do you mitigate the risk of the
| stock going up?
|
| I need to learn a lot more before doing this.
| cft wrote:
| Yes, puts are covered for now. There are several
| standardized levels of account access to buying/selling
| options. I think selling naked puts requires Level 5
| while selling covered puts requires Level 3. I recommend
| practicing buying options first, and selling the options
| that you have bought, before selling covered or naked
| options.
| kortilla wrote:
| When you sell a put, the risk is in the stock going down,
| not going up.
|
| So you need to have enough cash in the account to buy the
| stock at the strike price of the put (or be long longer
| dated or further out of the money puts).
| bowmessage wrote:
| The risk of the stock going up is that you make a lot of
| money :-)
| pb7 wrote:
| Selling puts is bullish. You are selling someone the
| option to sell you shares at a given price so if the
| stock goes up, you collect the premium (since no one will
| voluntarily sell you something at a lower price than the
| spot price). If the stock goes down, then you are buying
| shares at a price you presumably deemed sufficient to
| hold in the long term.
| pb7 wrote:
| It's usually in your best interest to sell the options before
| they expire as the extrinsic value decays every day. If they
| expire in the money, they are generally exercised and
| liquidated at the same time before market close of the expiry
| date.
| sfshaw wrote:
| I suppose the cost of the loan to exercise the option would
| be equal to the difference between that and selling the
| option?
| DSingularity wrote:
| I don't get the connection?
| meesles wrote:
| I think GP is implying that you can trust to invest in
| institutions like Equifax because they are propped up by the
| government and 'too big to fail'. Not sure I agree, but then
| again, there's the proof.
| saagarjha wrote:
| Equifax has done well despite the breach.
| icedchai wrote:
| He made more with those call options than anyone will ever
| get from the breach settlement.
|
| I bought stock in one of their competitors (TRU) which was
| also down around the same time. Even with all the craziness
| in the markets, it's still up close to 80% in a little over
| 2.5 years.
| rhacker wrote:
| I think I would have preferred the company be removed of their
| ability to collect credit information than any other penalty.
| cgb223 wrote:
| How could consumers force this outcome?
|
| Is there anything we can (collectively) do?
| spicymaki wrote:
| Yes, it is called activism.
|
| Here is the formula:
|
| 0. Start up a nonprofit with the sole intention of
| eliminating nontransparent consumer credit reporting and data
| collection.
|
| 1. Come up with a charter for the organization.
|
| 2. Promote the organization (distribute pamphlets, have
| public meetings, speak at colleges, lecture halls, churches,
| newspaper op-eds, etc).
|
| 3. Attract like minded people.
|
| 4. Raise funds.
|
| 5. Promote and support politicians with similar objectives or
| convince existing politicians through lobbying.
|
| 6. Change local state laws change to ban the practice.
|
| 7. Change state laws for a majority of states in the US to
| ban the practice.
|
| 8. Change federal laws to ban the practice.
|
| 9. Block and impede efforts by greedy companies to reverse
| the new regulation.
| Traster wrote:
| You made a typo, step 4 was meant to be "Raise funds by
| selling your organisation to Ethos capital"
| flattone wrote:
| http://i.dawn.com/primary/2015/11/564303181a339.jpg
| vkou wrote:
| Vote. Vote in the primaries. Vote in local elections. Vote in
| federal elections. Vote for people who will make their
| business model, in the manner they practice it, illegal.
|
| If you don't want to vote, you can get even better ROI if you
| convince other people to vote instead.
|
| As a consumer you can't do anything. You are not their
| customer. They are not accountable to you. As a citizen, you
| have power. They require your permission to operate.
| smnrchrds wrote:
| Everyone has to stop using services from financial
| institutions who use Equifax (i.e. almost all of them) until
| they cut ties with Equifax. If millions of people cancel
| close their BoA account in a single day, I imagine BoA would
| dump Equifax.
|
| Of course, like most _vote with your wallet_ schemes, this
| would never work in the real world. Anything that requires
| collective action of millions or billions of individuals,
| will either die with a whimper or make its way to history
| books as a once-in-a-century event. We cannot solve climate
| change by boycotting polluting companies; there is no way
| enough people join the boycott to make a difference. This is
| the same.
|
| Like climate change, the only realistic path of success is
| political pressure. Equifax will remain as is as long as the
| legislature leaves them alone. If you want this to change,
| get involved in politics, write to your politicians, run for
| office.
| xfitm3 wrote:
| The US credit system is a bunch of bullshit anyway.
|
| > "Good credit is for poor people" - words of a wealthy friend.
| mikeweiss wrote:
| Uhhh no. Rich people leverage their good credit and assets to
| become even richer.
| linsomniac wrote:
| I assume it means: You don't care about your credit score
| once you have a certain amount of money, because the limits
| of a bad score do not really impact you:
|
| - Not approved for a car/house/boat loan? Sell some
| investments and pay cash. - Turned down for a credit card?
| Get a secured card, or even a pre-paid card. Or carry cash. -
| Turned down for a cell phone plan? Buy prepaid.
| clairity wrote:
| no, it means you dangle boatloads of potential fees and
| illusions of assets under management in front of the
| banker's eyes, like trump did with deutsche bank, and then
| watch the loans spew forth unencumbered by a silly third-
| party "score".
| danans wrote:
| > > "Good credit is for poor people" - words of a wealthy
| friend.
|
| By "poor" he likely means anyone who has to borrow for
| anything, including a home (60% of households) or auto
| purchase (44% of individuals). So basically just about anyone
| who has to work for a living.
|
| He probably also means "worrying" about credit, vs using
| credit as a financial optimization tool
| Traster wrote:
| There's no way that only 60% of households borrow for a
| home. It might be that only 60% are borrowing against their
| home right now, but in that case you're probably talking
| about 99% of the people not borrowing against their home
| being pensioners. Those aren't particularly rich people,
| they're just in a different part of their life. (It also
| wouldn't matter if they were credit worthy because no one
| is going to give a mortgage to an 83 year old)
| winrid wrote:
| I don't get it. It seems like keeping good credit is easy.
| Why can't you have good credit and be wealthy?
| alexbanks wrote:
| The rich don't need to care about credit. Having good
| credit only enables you to borrow more money.
| sonthonax wrote:
| Rich people mightn't have a stellar credit score, but
| they're still creditworthy.
|
| Your credit report is really a way of automating what a
| bank manager would have done at some point for every
| customer, i.e examine your finances, references, legal
| history, etc.
|
| It's really just a model for consumer creditworthiness of
| someone earning under the 95% percentile of wealth. As it's
| needlessly laborious for a bank manager to examine you in
| depth for a $5'000 dollar credit card.
|
| Credit scores are not a factor in nearly any big loan. One
| might be utilising most of their available credit (as their
| limit is low), or have failed a few hard searches. In the
| case of a big loan like a mortgage, it's not so automated
| and is worth digging deeper.
|
| When you're rich, every loan is a big loan - and it's worth
| the bank's time determining how much they should lend to
| you on a case by case basis.
| 7thaccount wrote:
| I imagine extremely wealthy people buy everything cash.
| flexer2 wrote:
| Extremely wealthy people (i.e. 9-digit+ net worth) have
| teams of lawyers and accountants that figure out the
| optimal way to allocate the client's cash to achieve
| their goals. That may or may not include incurring debt,
| etc. Rich people borrow money too (not because they need
| to, but because it ultimately can make more financial
| sense to do so).
|
| (there are of course exceptions to this, there are rich
| people bad with money or who want to look like they're
| richer than they actually are, but in general rich people
| stay rich by being smart about their money)
| pyuser583 wrote:
| I figured it was the opposite.
| dathinab wrote:
| It's more complicated then this:
|
| They indeed tend to not by thinks on rates, so not to
| much "uplift" in your scores.
|
| People which are wealthy tend to also try to get higher
| credits (for it to be worth it) and buy more expensive
| thinks so if they messup _it 's often much more expensive
| for banks_.
|
| Not all people can handle money so there are a bunch of
| people which will never stay wealthy. Combined with the
| point above => higher rise.
|
| Some care less for penalties when paying late and might
| "optimize" payments in ways which are not always mean on
| time/good for the score.
|
| Lastly there are a bunch of wealthy people which
| optimized there business so that they only earn as much
| money as they need. They can always increase it but the
| banks can't trust this so the only see a person which
| might have problems paying back. (Note that not all of
| this people do illegal or unmoralic practices, some just
| only work as much as they need and not any bit more).
|
| Lastly there is a simple question:
|
| __What does it mean if a rich /wealthy person _needs_ a
| credit? __
|
| (Btw. it 's a different matter if it's not a private
| credit but for a company.)
| JMTQp8lwXL wrote:
| I assumed it meant wealthy people continually get a clean
| slate when they mess up. So there is no concept of
| maintaining credit when allotted unlimited "redo's".
| mistrial9 wrote:
| .. at least in the US, this is not true.. some wealthy
| people have serious marks on their credit scores and it
| does follow you
| dylan604 wrote:
| Wealthy people don't leave money on the table. If they
| can earn "free money" with a credit card point game, then
| why not?
|
| Some of the cheapest people I know are wealthy. Cheap as
| in, they negotiate the hardest for the lowest price, even
| though it is meaningless to them. I have been told out
| right on more than one occasion that it's not about
| trying to make something affordable, but more of the
| shear enjoyment of making someone else take less just
| because they can.
| Jtsummers wrote:
| Wealthy people don't need credit cards, car loans, and
| mortgages, and most other kinds of loans that would show up
| on a credit history. They may use them, and if they do they
| should have a really good score unless they're bad with
| money. But if they choose not to (as they'd be able to,
| more easily than others at least), there score would drop
| until their credit history was blank.
| sailfast wrote:
| If it's anything like the British aristocracy then "wealthy"
| people are deeply in debt all the time anyway and leveraged
| to the hilt and one crisis away from bankruptcy (bad credit)
| but keep getting loans because of their status. Is that what
| they meant?
| Andrex wrote:
| I suppose "the company be dissolved, its records thoroughly
| purged, and its ability to legally operate revoked" _is_ a bit
| too much... though it shouldn 't be.
| pmiller2 wrote:
| Why is it a bit much? I think the "corporate death penalty"
| is appropriate when you fail to protect the financial history
| of 147 million people.
| redis_mlc wrote:
| That was done for one of the US accounting companies,
| Arthur Andersen, related to Enron financials.
|
| Noody, including the govt., was happy with the final
| result.
|
| So although it should be on the table, in reality, it
| probably won't come from the govt.
|
| https://en.wikipedia.org/wiki/Arthur_Andersen
| Traster wrote:
| The thing is that when the reasonable solution is "Stop the
| company doing its core competency" you need to realise that
| almost everything else the company does is going to be
| "exploit whatever it has left". So forcibly shutting down the
| company is far more reasonable than just stopping it from
| collecting credit information.
| SilasX wrote:
| Is there a reason the triopoly (with Experian and Transunion)
| persists? I know the bond raters have some government granted
| status. If it's the same situation for Experian, maybe they
| could lose that status to some other company?
| Wohlf wrote:
| Inertia, I assume. You can't get any kind of serious loan
| without a report from all three, and other things like
| background checks and rentals usually have one or two they
| prefer.
| ummonk wrote:
| I recall reading that Plaid (now acquired by Visa) was
| working on creating its own credit scoring service.
| paulie_a wrote:
| Opting out should be available
|
| And a corporate death penalty should exist. Destroy the company
| completely.
| nmstoker wrote:
| Why is the company that had the breach managing the payments?
| Surely it should be neutral third party who then just passes on
| the final bill.
| paulgb wrote:
| If I remember the settlement details, something like 75 million
| was for legal fees.
|
| I bet _they 've_ been paid.
| zaidf wrote:
| If only the media cared as much about ppl's super critical data
| being exposed as it cares about the privacy of my Facebook Likes.
| dylan604 wrote:
| But does the media even care about that? Or was that the point
| you were trying to make?
___________________________________________________________________
(page generated 2020-04-30 23:00 UTC)