September 19, 2019

Senator Warren Raises New Concerns About Equifax Turning Away Customers Impacted by Data Breach and Seeking Settlement Awards

Reports indicate questionable tactics used by FTC to reduce the number of consumers who will receive payments for having their data exposed in the Equifax breach

Washington, DC - United States Senator Elizabeth Warren (D-Mass.), member of the Senate Banking, Housing, and Urban Affairs Committee, sent a letter to the Federal Trade Commission (FTC) requesting information regarding reports that consumers who opted to receive a $125 payment as a part of the Equifax breach settlement are now receiving suspicious-looking emails forcing them to complete additional, complicated steps in order to receive payments – an action that appears designed to reduce the final number of consumers who receive the cash award. Consumers may also be unlikely to complete the additional steps from suspicious-looking emails after having their personal information exposed.
Last month, the senator requested the FTC Inspector General launch an investigation into FTC’s handling of the settlement payout process after questions were raised about the FTC’s role in misleading the American public about the terms of the settlement and consumers’ ability to obtain the full reimbursement. Given the new reports, Senator Warren is following up on her August 2019 request by directly questioning the FTC about its role in what appears to be a new effort to reduce the final number of consumers who receive cash awards from the settlement.
Almost two years after the Equifax breach, on July 22, 2019, Equifax reached a settlement with the FTC, the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories, agreeing to pay between $575 and $700 million. The settlement offered affected consumers the option to choose four years of credit monitoring or a cash award of up to $125. However, the settlement only allotted $31 million to this cash award fund and stipulated that payments “shall be reduced on a pro rata basis” – information that was not provided in an appropriate fashion to consumers until after they selected their settlement option.
On September 7, 2019, consumers who requested the $125 payment before August 2, 2019 received an email from the Settlement Administrator informing them of additional steps they would need to complete before they could receive any cash payments. The email informed them that unless they “provide the name of [the] credit monitoring service” they had before filing their claim or “amend [their] claim to request free credit monitoring” instead of the cash award, their claim for $125 “will be denied.”
“On top of the growing list of flaws in the Equifax settlement, these additional steps that appear to be designed to weed out deserving claimants were not even initially communicated to the 147 million consumers affected by the breach,” said Senator Warren in a statement released alongside her letter to the FTC. “I am asking the FTC why the Equifax settlement was so flawed, why communications about the settlement were so misleading, and why the FTC hasn’t stepped in to restrict the use of these latest tactics.”
The senator requested that the FTC address her questions no later than October 2, 2019.
In the aftermath of the massive Equifax breach in 2017, Senator Warren opened an investigation into the causes of the breach and the company's response, and since then, has taken numerous actions to address data security problems, improve federal oversight of financial institutions, and better protect consumers:
  • Senator Warren recently requested an investigation of FTC’s misleading Equifax settlement descriptions which did not advise consumers affected by the Equifax breach of the likely reduction of their settlement payments. 
  • In August 2019, she pressed Capital One regarding the massive data breach revealed earlier this month that compromised sensitive personal information of over 100 million Capital One customers.
  • In June 2019, Senators Warren and Ron Wyden (D-Ore.), and Chairman of the House Committee on Oversight and Reform Elijah Cummings (D-Md.) released a Government Accountability Office (GAO) report identifying significant gaps in the federal government's treatment of citizens' personally identifiable information.
  • In May 2019, Senator Warren and Chairman Cummings reintroduced the bicameral Data Breach Prevention and Compensation Act with Senator Mark Warner (D-Va.) and Representative Raja Krishnamoorthi (D-Ill.) to hold large credit reporting agencies accountable for data breaches involving consumer data.
  • In April 2019, Senator Warren introduced the Corporate Executive Accountability Act, legislation that would make executives of big corporations criminally liable if their companies commit crimes, harm large numbers of people through civil violations, or commit new violations while under the supervision of the court or a regulator for a previous violation. The bill would make it easier to send executives to jail who are found liable or enter a settlement with any state or Federal regulator for the violation of any civil law if that violation affects the health, safety, finances, or personal data of 1% of the American population or 1% of the population of any state.
  • Senator Warren and Chairman Cummings released two additional GAO reports, prepared at their request, detailing how hackers exploited significant vulnerabilities at Equifax to gain access to the sensitive personal information of more than 145 million Americans and recommending stronger consumer protection efforts to prevent another Equifax disaster. GAO recommendations were incorporated into the lawmakers' 2019 bill.
  • Senator Warren released the first comprehensive review of consumer complaints in the wake of the breach, revealing that the CFPB received more than 20,000 consumer complaints following the Equifax breach.
  • In March 2018, on the 10th anniversary of the collapse of Bear Stearns, which marked the beginning of the financial crisis, she introduced the Ending Too Big to Jail Act, a bill that would make it easier to bring criminal charges against bank executives whose organizations defraud consumers.
  • Senator Warren unveiled a 15-page report in February 2018 containing the findings of a four-month long investigation into how Equifax failed to protect the personal data of more than 145 million Americans.