Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.
In 2017, Equifax disclosed a massive, extended data breach that led to the theft of Social Security Numbers, dates of birth, addresses and other personal information on nearly 150 million people. Following a public breach response perhaps best described as a giant dumpster fire, the big-three consumer credit reporting bureau was quickly hit with nearly two dozen class-action lawsuits.
In exchange for resolving all outstanding class action claims against it, Equifax in 2019 agreed to a settlement that includes up to $425 million to help people affected by the breach.
Affected consumers were eligible to apply for at least three years of credit monitoring via all three major bureaus simultaneously, including Equifax, Experian and TransUnion. Or, if you didn’t want to take advantage of the credit monitoring offers, you could opt for a cash payment of up to $125.
The settlement also offered reimbursement for the time you may have spent remedying identity theft or misuse of your personal information caused by the breach, or purchasing credit monitoring or credit reports. This was capped at 20 total hours at $25 per hour ($500), with total cash reimbursement payments not to exceed $20,000 per consumer.
Those who did file a claim probably started receiving emails or other communications earlier this year from the Equifax Breach Settlement Fund, which has been messaging class participants about methods of collecting their payments.
How much each recipient receives appears to vary quite a bit, but probably most people will have earned a payment on the smaller end of that $125 scale — like less than $10. Those who received higher amounts likely spent more time documenting actual losses and/or explaining how the breach affected them personally.
So far this week, KrebsOnSecurity has received at least 20 messages from readers seeking more information about these notices. Some readers shared copies of letters they got in the mail along with a paper check from the Equifax Breach Settlement Fund (see screenshot above).
Others said they got emails from the Equifax Breach Settlement domain that looked like an animated greeting card offering instructions on how to redeem a virtual prepaid card.
If you received one of these settlement emails and are wary about clicking the included links (good for you, by the way), copy the redemption code and paste it into the search box at myprepaidcenter.com/redeem. Successfully completing the card application requires accepting a prepaid MasterCard agreement (PDF).
The website for the settlement — equifaxbreachsettlement.com — also includes a lookup tool that lets visitors check whether they were affected by the breach; it requires your last name and the last six digits of your Social Security Number.
But be aware that phishers and other scammers are likely to take advantage of increased public awareness of the payouts to snooker people. Tim Helming, security evangelist at DomainTools.com, today flagged several new domains that mimic the name of the real Equifax Breach Settlement website and do not appear to be defensively registered by Equifax, including equifaxbreechsettlement[.]com, equifaxbreachsettlementbreach[.]com, and equifaxsettlements[.]co.
In February 2020, the U.S. Justice Department indicted four Chinese officers of the People’s Liberation Army (PLA) for perpetrating the 2017 Equifax hack. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.
Equifax surpassed Wall Street’s expectations in its most recent quarterly earnings: The company reported revenues of $1.24 billion for the quarter ending September 2022.
Of course, most of those earnings come from Equifax’s continued legal ability to buy and sell eye-popping amounts of financial and personal data on U.S. consumers. As one of the three major credit bureaus, Equifax collects and packages information about your credit, salary, and employment history. It tracks how many credit cards you have, how much money you owe, and how you pay your bills. Each company creates a credit report about you, and then sells this report to businesses who are deciding whether to give you credit.
Americans currently have no legal right to opt out of this data collection and trade. But you can and also should freeze your credit, which by the way can make your credit profile less profitable for companies like Equifax — because they make money every time some potential creditor wants a peek inside your financial life. Also, it’s probably a good idea to freeze the credit of your children and/or dependents as well. It’s free on both counts.
I think the lawyers that sued Equifax need to be sued for keeping all the money and not providing it to the people that actually lost from the security breach. My SSN was supposedly not among those affected, so I didn’t worry much, but a few months later 2,000,000 more numbers were added to the list. I found this out when eight credit cards were opened in my name and mailed elsewhere. The thieves address showed up on my credit report as mine! Since I don’t live in the US, I had to fly back to fix the whole mess and be able to do a police report. My compensation for all of this: $35.23. But I see I got more money than others, so why am I complaining?
Wow, so I stumbled upon this here feed yesterday when inquiring about the payment we were waiting for from Equihax. I was hoping wishing and praying for the most ($20,000.) figured it wouldn’t happen, hoped for the $500 range from the 20 plus hours I spent but could only claim 20 @ $25/hr. Would have been satisfied even with the $125, but ended up with a mere $40.44 . I have learned to defeat negative feelings I should be grateful and thankful for what I still do have. Thank you Jesus for everything you do for me.
I got $3.98 . What a joke. Lawyers are popping champagne on new boats and we don’t get enough to even pay for your time to read Mastercards 20 pages of BS agreement to use a $3.98 card.
I just received my check for a crappy $5.21.
Are they kidding me? I did have a case of ID theft a year ago. I have been paying for an ID Theft protection service for a few years. It wasn’t much use to be honest. I had to spend my time getting the issue resolved. I should have checked to see if I can get reimbursed for my time. I should just not cash this stupid check, but they will probably just earn interest in it. Grrrrrrr!
Lmao. $5.81. Are you kidding me? After all that time. I swear I remember in the beginning it said take a year of credit monitoring for free or opt for $180 when it settles but, nope. I get a whopping $5.81. What am I supposed to do with that? Smh unreal!
Lawyers got $77.5 million to handle the case. Chew on that. Think of the accumulative hours wasted dealing with the fallout from the data breach, then the accumulative hours wasted calculating your prior wasted time because the attorneys advertised that you would be fairly compensated. Wish there was a way to sue the lawyers for wasting my time.
5.21 also. Looks sketchy
Well, stick a needle in my eye and call me crazy. I took home a cool $ 5.21, which is not even enough to buy a blue checkmark for a month.
I’m not clicking on anything. It’s not worth the $5.21 to risk more problems. I can find more than that just walking down the sidewalk on any given day!!
I’m scared to death to click on mine for $5.21 is it really worth it… The email to me came from EquifaxDataBreachSettlement@hawkmarketplace.com and then at the bottom is says this?? what?
who?
You received this email from the Equifax Data Breach Settlement, c/o JND Legal Administration, PO Box 91318, Seattle, WA 98111-9418
If you do not wish to receive further emails from the Equifax Data Breach Settlement, contact us at privacy@jndla.com
How would you know it’s real?? hawkmarketplace.com?? hum???
I just don’t understand how are ss#, address, DOB. ARE only worth $10. I just recently had a problem with experian. Some how someone gave them information on one of student loans saying it was paid off. Which made sense because it was my oldest loan I consolidated. So I contacted navient they said they don’t have anything saying it was paid off. Navient told me to contact experian. They kept saying I don’t see it on my end. I said it’s right in front me. They were going to transfer me. And conveniently hug up on me. And all of a sudden the next day the credit report was changed. Good thing I got a copy of it. It’s still saying paid off. But the balance is back. These credit companies have no business being in business. I will be contacting my governor, and congressman.
S P A M
I have not received any emails or postal mail. How can I confirm whether my details were stolen? I really could use that $4.72!
It’s even worse, in the terms of accepting the pre-paid card, you agree to this:
Inactivity Fee. $5.95
You will be charged $5.95 each month after you have not completed a transaction using your card for 6 months
There are a few ways to read that clause due to the lack of punctuation:
1. You have to use the card within six months, or you will be charged $5.95 per month.
– or –
2. Once you use the card, you have six months to use the card again, or you will be charged $5.95 per month.
– or –
3. You will be charged $5.95 for six months once you stop using the card.
In either event, it’s not clear if they mean you will be on the hook for the $5.95 until your card is at zero balance, or if you are charged forever even if you have a zero balance.
After reading the nine page agreement, I don’t think it says either way. Maybe they need to update the TOS to be more clear.
email from hawkmarketplace.com
us a scam??
Just thank you! Mine was only $12, but now I felt safe redeeming it. I now have $12 more than this morning
Finally you can afford that coveted Subway sandwich meal with drink and chips.
Things are definitely looking up.
The email is real and activation simple. To redeem, go to Amazon and reload gift card balance for the exact amount. The entire process takes just moments.
$1.76. And what’s weird is I had revised the claim to get the get the credit monitoring. I thought that meant you were not eligible for the cash payout.
I got a check for $19.30
Enough for gasoline to travel 80-120 miles or so! Look out 2023 commute, winners coming through.
Zut alors…
Amazing to see the US stoofs angrily quibbling over the pennies Equifax has thrown at your feet.
Particularly compared to the tens of thousands of US$ Equifax earns per day, if not per hour, selling the CHI off your Credit Report to the highest bidder at that moment.
Same with Trans Union, Experian.
All because of a 1992 decision by the FTC.
And none of you seem to have a clue or care what to do to protect yourself from the next major CRA breach…
We wish you much good luck…
Blanche DeBois….the real merde in this whole thing is that NO ONE ever signed up with any the credit bureaus. They just siphon our info and create a data base for others to use against us. They are making money off our information without us having a choice. So all the major businesses on the internet thought to themselves: THAT is a fantastic business model,. we will do it too!
Maybe I did better than most, but my check was for $361.94. I did document pretty extensively what all I did and all, so I am guessing that helped.
I got a paypal credit for $5 and change. These people can KISS MY ASS.
I had a surprise notice from PayPal that I had received $7.05 from Equifax while I was away on my cruise. A pittance, to be sure, but a surprise credit is always better than a surprise debit!
Guess I should feel lucky. Scored $12.26! That will teach them to lose years of my credit history.
‘Backendrecover AT rescueteam DOT com’ is the best in recovering any form of lost Bitcoin. ” It was a very pleasant surprise that they” (a) were able to track and recover my stolen bitcoin, and (b) were honest enough to return the coins. I would like to take the time to not only commend the honesty shown here but also recommend him to other people in the future.
So I had similar reaction probably as most readers of this blog. “Enter the last six digits of my SSN (particularly where the last 4 are the only part that seem to have any randomness to them)? Oh HE** NO!!” So yeah, I went to this site and the settlement administrator’s site, buried in the FAQs (though at very end, so does scroll to end, #36 – https://www.equifaxbreachsettlement.com/faq (and yes, I it did make me recall the John Oliver segment re: that site in the early days of this mess…) is the part confirming email to be sent from EquifaxDataBreachSettlement@hawkmarketplace.com.
But yeah, I don’t click links and this just felt rather dodgy AF (yup, we all got paltry fraction of any reasonable settlement, I wasn’t about to add insult to injury and get further violated over roughly $44). But wanted to share the data point of possible validation.
Trying to keep perspective, definitely first world problems and relatively minor at that. But. So. Many. Unforced. Errors.
This is so not how I wanted to spend ANY part of my NYE. But hope this gives maybe someone else a bit of peace of mind.
Here’s to some improvements implemented in 2023. Cheers! (and a sincere thank you that this blog and community exists so we don’t have to mentally shout/curse at our screens alone. Happy 13th and here’s to many more anniversaries ahead!)
Since we tend to be a bit more cyber-wise here, visualize an animated gif of Homey da Clown thwaking this mess upside the head…
So I had similar reaction probably as most readers of this blog. “Enter the last six digits of my SSN (particularly where the last 4 are the only part that seem to have any randomness to them)? Oh HE** NO!!” So yeah, I went to this site and the settlement administrator’s site, buried in the FAQs (though at very end, so does scroll to end, #36 – https://www.equifaxbreachsettlement.com/faq (and yes, I it did make me recall the John Oliver segment re: that site in the early days of this mess…) is the part confirming email to be sent from EquifaxDataBreachSettlement@hawkmarketplace.com.
But yeah, I don’t click links and this just felt rather dodgy AF (yup, we all got paltry fraction of any reasonable settlement, I wasn’t about to add insult to injury and get further violated over roughly $44). But wanted to share the data point of possible validation.
Trying to keep perspective, definitely first world problems and relatively minor at that. But. So. Many. Unforced. Errors.
This is so not how I wanted to spend ANY part of my NYE. But hope this gives maybe someone else a bit of peace of mind.
Here’s to some improvements will be implemented in 2023. And a sincere thank you that this blog and community exists so we don’t have to mentally shout/curse at our screens alone. Happy 13th and here’s to many more anniversaries ahead! Cheers!
Since we tend to be a bit more cyber-wise here, visualize an animated gif of Homey da Clown thwaking this mess upside the head…
Today’s mail brought a check in the amount of $14.02. The various amounts reported are interesting and it leads me to wonder how they are determined.
Yesterday I got a Check for $35.23 from the Equifax Breach Settlement Fund. In my opinion this amount is too low and does not properly reflect all the documents (including PDF files and Jpeg files) that I submitted in 2019 documenting the unending work I ended up doing to protect myself from the breach of my information at Equifax. Very disappointing !
My lawyer hasn’t paid me and my wife anything as of yet every time we call him he says we haven’t heard anything about it yet and we have gotten any money yet should be any day now I think he’s lying I’m going to call the state bare and report my lawyer
I haven’t even gotten a check and it said I was paid on Dec 19th
I Have been working with the settlement breach since the very beginning I’m a former banker I had gotten sick from a rare autoimmune disorder and lost my career. I also was affected by MICROBILT CREDIT REPORTS AND BACKGROUND CHECK, I lived in a car for a yr we couldn’t rent our credit is still bad I fought to get a car our income tax was withheld due to a cancellation of debt I proved not ours a mortgage I was livid they withheld 4 yrs of income taxes I’m fighting for the release of 2018 now the last one. I filed ID THEFT FORMS made BBB complaint pd to fax information and pd to get background check s to observe which was all wrong, we pd for countless rental app fees to be turned dn due to information not political correct on our files. I was actually thrown in a mental institution 120 mph away from my he cause they claomed I was hallucinating ppl were after me my medical file was and is hacked badly I was refused pain meds because they labeled me as an addict and I hadn’t used home pain meds in 8 YRS since the lupus treatment I’m 4’8 98lbs they said I was on 5 pain meds o went to school to be a nurse before I settled for finance, I looked at the nurse and calmed myself as best as I could and stated lady look at me do you really believe I could handle heavy hitter drugs with my height and weight I mean really get me the head of this hospital. It turned out a few times someone didn’t CK my ID IM A SPECIAL NEEDS PATIENT I RECEIVE LIFE TREATMENTS OR IM IN TROUBLE I REC INFUSION 3 DIFF KIND A MONTH. Now there is more with just that is 5 dollars is all I’m going to get and I’m facing eviction again because we couldn’t get a loan to cover expenses when my husband job runs low he’s a OTR PROFESSIONAL DRIVER we could have rented somewhere else cheaper but our background check is still affected 7 yrs later. I did follow the directions in the last steps of EQUIFAX I HAD A HARD TIME WITH DOCS SO I EMAILED THEM TO THE ADMINISTRATOR I HAVE BEEN IN CONTACT 2X WITH THEM AND HAVE TICKET NUMBERS BUT I NEVER GOT ANY AILS WITH THE PREPAID CARD NOR DID I GET A ANSWER OF WHAT THEY Decided FOR US DO YOU HAVE A SUGGESTIONS IT MIGHT BE WITH YOUR FIRM THERE WERE A FEW OF YOU I HAVE THEM IN MY EMAIL BUT IT WILL TAKE ME A TIME.
If you have any answer I would appreciate it this was a nightmare you know it originally started on our T-Mobile account my son was my co signer and we were getting ready to get him off and get our own contract when we noticed a unlimited phone bill went to 2,000 in no time today my son still doesn’t talk to me he never invited me to his wedding he thought I had did that we didn’t even have new phones. All because someone else wants to steal and something for free instead of working for it.