You Have a Moral Obligation to Claim Your Portion of the Equifax Breach Settlement ⇥ slate.com

Josephine Wolff, Slate:

Go claim your $125 from Equifax. Right now. Even if $125 isn’t a sum of money that matters to you, even if you don’t feel you were really directly affected by the breach. Even if the prospect of filling out a relatively brief online form fills you with more dread than the theft of all your personal data.

Consider it a part of your civic duty: driving up the costs of data breaches for corporations so they have an incentive to invest more heavily in security.

Keep in mind that $125 is the minimum you are owed if your data was part of the Equifax breach. There are other categories of remediation that you can claim for, and I highly recommend that you get as much as you can. Whatever you’ll get, it won’t be enough, but at least you’ll do your part to make events like these costly for the companies involved until meaningful changes are made to eliminate the surveillance economy.

By the way, Wolff suggests in this piece that the Equifax breach may have been the product of a financial decision:

I think the costs of security breaches should, in some sense, be the costs of doing business, as opposed to an existential threat that drives the breached company into the ground. That way companies can weigh those costs against the costs of larger security investments and adjust their budgets accordingly. But I would like for those breach costs to be high enough to drive significant investment, and for that to happen, you have to do your part.

Earlier this week, I listened to an excellent two-part episode of the Malicious Life podcast (via Roee), in which the host, Ran Levi, argued that Equifax’s CEO was among the most aware of security risks, and worked hard to mitigate them. I am loathe to empathize with a CEO who oversaw among the most disastrous breaches of trust in corporate history only to be allowed to retire, but Levi’s argument is compelling and worth a listen, if you have the time.

Update: Rufo Sanchez actually read the settlement agreement unlike me and, presumably, everyone sharing the advice to claim your cash settlement. From the settlement (PDF):

If there are more than $31 million in claims for Time Spent made during the Initial Claims Period […], all payments for Time Spent will be reduced and distributed on a proportional basis.

[…]

If you already have some other kind of credit monitoring or protection services, and do not claim the free Credit Monitoring Services available through the settlement, you may file a claim for Alternative Reimbursement Compensation for up to $125. […]

If there are more than $31 million claims for Alternative Reimbursement Compensation, all payments for Alternative Reimbursement Compensation will be lowered and distributed on a proportional basis.

There are two pools of $31 million here. One pool is for people taking $125 instead of credit monitoring services; the other $31 million is for people claiming time spent.

As Sanchez calculated, if all 147 million affected people claim the cash payment instead of credit monitoring, everyone gets $0.21. Of course, there’s no way that every impacted person will claim the cash payment — or, indeed, claim anything at all — but I would not be surprised if more than 248,000 people claim cash, given the publicity it has received, so everyone might get less than $125.