Mike Stewart.
Millions of Equifax victims chose to receive a $125 cash award when the settlement was announced in July, but the FTC later pulled back on that commitment.
The Federal Trade Commission's backpedaling scheme to prevent people from obtaining a cash award in its $700 million data breach settlement with Equifax grew worse over the weekend, as the settlement website sought to further reduce the claimants. The sorry episode continues to look like the work of a scam marketing operation, facilitated by a federal agency with the mission of cracking down on scam marketing operations.
Millions of Equifax victims chose to receive a $125 cash award when the settlement was announced in July. The FTC later pulled back on that commitment, warning people that only $31 million was earmarked for the cash payout, that they wouldn’t get anywhere near $125, and that they should really opt for ten years of credit monitoring. The FTC even altered their own website explaining the settlement terms, to de-emphasize the original $125 number.
This all led progressive organizations and Senator Elizabeth Warren to call for investigations into the FTC’s deceptive marketing tactics. The actions of this weekend only compounded the bait-and-switch.
The same victims who selected the cash payout received an email with the scammy-sounding subject line “Your Equifax Claim: You Must Act by October 15, 2019 or Your Claim for Alternative Compensation Will Be Denied.” I know because I was one of them. The email, from the Equifax Breach Settlement website, informed recipients that they had to verify the initial claim for cash, or amend it to receive free credit monitoring, by October 15.
Equifax Breach Settlement Administrator
Subject: Your Equifax Claim: You Must Act by October 15, 2019 or Your Claim for Alternative Compensation Will Be Denied.
I didn't recall any disclosure when I made the initial claim that it would have to be verified at an undetermined later date by an email arriving some weekend in September. But this is a common tactic from marketers trying to wiggle out of a “special offer” that they previously made.
Some percentage of Equifax victims will not see the email, will have it fall into their spam folder, or will forget to act on it. Because each victim who opts into the cash payout reduces the per-victim share of the $31 million available, intentionally pushing people off the payout at the margins makes the final number relatively less embarrassing for the FTC, especially after they loudly promised $125.
The email in fact implicitly admits this, by stating, “the amount you receive in connection with your alternative compensation claim may be significantly reduced depending on how many valid claims are ultimately submitted by other class members for this relief.”'
Equifax Breach Settlement Administrator
Dayen-equifax-email2
My curiosity piqued, I clicked on the link to verify my cash claim. It was a master class in “dark patterns,” the tricks websites use to behaviorally nudge you toward its own preferences. First you had to enter your claim number, a long string at the top of the email. Inattentive victims may just give up here. Then I was subjected to an inordinately long set of Captcha prompts, so I could prove I was a human being. For what it’s worth, other victims who went through the verification process did not have to deal with Captchas. At least one person – me – did, in such a way that it would have been reasonable to expect me to just click off the website.
Next, a screen comes up that says, “For your claim to be considered, you must provide the name of your credit monitoring service and certify that you will have it for at least the next 6 months from the date you submitted your claim.”
Equifax Breach Settlement Administrator
Dayen-equifax-email3
I checked back on the archived settlement breach site, and its language was somewhat ambiguous on this point. “If you already have credit monitoring services, you can request a $125 cash payment,” it reads. Other language stated you would have to verify the credit monitoring service, but this requirement was not part of the initial claims process.
Credit monitoring is available for free from websites like Credit Karma or Bankrate.com. In addition, several credit cards automatically offer users free credit monitoring. That's because it isn't very valuable, merely alerting people after the fact if there are suspicious-looking changes to their credit report that would suggest fraudulent conduct.
But I really wanted to see how this would play out, so I typed in the word “NONE.” It advanced to a new screen, which explains that “for security reasons” you will not be able to make any changes to the claim form through the website, and would have to “reach out to the Settlement Administrator directly.” So anyone who wrote “NONE” like I did, or put in a typo for their credit monitoring service, has no recourse other than sending a letter, I guess, or else they lose their monetary award.
In addition, I had to “affirm under the laws of the United States that the information I have supplied in this claim is true,” and that more information may need to be provided to get the claim. These are additional steps intended to weed people out.
Equifax Breach Settlement Administrator
Dayen-equifax-email4
Personally, I assume I'm already out by putting “NONE” for a credit monitoring service. So everyone else will get a fraction of a penny more in that claim check. (You're welcome!) But the larger point here is that the FTC, having been caught offering too much money in the settlement, decided to dial back on it hard, engaging in deceptive marketing in the process.
In addition, Equifax stands to gain lots and lots of customers for their secondary business of credit monitoring, which presumably will become a paid opt-out proposition once the terms of the free service expire. So Equifax got caught allowing the personal information of 154 million people to be stolen, and their sentence is essentially to engage in an ancillary moneymaking opportunity.
There's another side to this. The FAQ on the settlement breach site helpfully explains that victims have legal representation, in the form of four attorneys that include Roy Barnes, the former governor of Georgia. These lawyers will “ask the Court to award them attorneys’ fees of up to $77,500,000 and reimbursement for costs and expenses up to $3,000,000 to be paid from the Consumer Restitution Fund.” In other words, the lawyers will attempt to take a large chunk out of the $505.5 million intended for victims.
If the cash award winds up being really low, “the judge might reject the settlement approval—or worse, ask why the lawyers are getting so much money for such abysmal results, and reduce the fees,” says Ted Frank, director of litigation at Hamilton Lincoln Law Institute, a watchdog on class settlements. “By pushing people to credit monitoring, they'll claim that a few pennies of credit monitoring is worth $50 or $100 or some other fictional number, and that's how they'll pretend that the $80 million fee request isn't overinflated.”
Frank, whose firm has been monitoring the settlement and may formally object to it, says that the email had to have gone out with the plaintiffs lawyers' approval. But the FTC was previously engaged in the same bait-and-switch, not only to make themselves look less embarrassing, but with the added consequence of an $80 million windfall for rich lawyers. This is precisely the kind of behavior the agency is supposed to prevent, when fraudulent companies engage in it. There's nobody left to protect the public when the FTC is as guilty of deception as the companies it's supposed to regulate.
