The Equifax data breach resulted in millions of accounts being exposed and was one of the largest privacy breaches in history.  They have issued settlement payments, but the latest payment email they sent out has a large number of red flags for me, and I will not be participating.  This post will tell you why.

The Equifax data breach, one of the largest and most significant in history, occurred in 2017 and exposed the personal data of approximately 147 million people. Here’s a summary of the key points:

What Happened?

• Equifax, one of the largest credit reporting agencies in the U.S., experienced a cyberattack from mid-May to July 2017.

• Hackers exploited a vulnerability in a web application framework called Apache Struts that Equifax had failed to patch despite warnings.

What Data Was Exposed?

The breach compromised sensitive personal information, including:

• Names

• Social Security numbers

• Birthdates

• Addresses

• Driver’s license numbers

• Credit card numbers for about 209,000 consumers

• Dispute documents for around 182,000 consumers

Impact

• Nearly half of the U.S. population was affected.

• Victims were at risk of identity theft and financial fraud due to the nature of the exposed information.

• Equifax faced widespread public backlash for mishandling consumer data and the breach response.

Legal and Financial Consequences

• Equifax settled with federal and state regulators in 2019 for up to $700 million, including:

  • $425 million for a consumer restitution fund.

  • Penalties and improvements in data security.

• Consumers were offered free credit monitoring or up to $125 in cash (though cash payouts were limited and became controversial).

Lessons Learned

The breach highlighted:

• The importance of timely software updates and patches.

• The need for robust cybersecurity measures, especially for companies handling sensitive data.

• The long-lasting impact of breaches on consumer trust and company reputation.

The Equifax data breach serves as a stark reminder of the critical role cybersecurity plays in protecting consumer information.

This brings us up to December 2024.

Equifax is sending out emails that appear to be legit, with the subject:

Equifax Data Breach Settlement Additional Pro Rata Payment

They look something like this

Now searching through the website and the normal scam sites shows that this is a legit offer, but the amount is not enough to get me very excited, and the process looks like it's a bit on the shady side to me.

The official site shows that this payment is good for a Gift Card that you can use for some unidentified form of shopping.

It asks me for all of the same information that Equifax already knows about me... so if they were going to send me a gift card, why not just send me a gift card?

My first guess is that a large number of people will NOT do this, so they don't have to pay out that money.

My second thought is there must be a catch...

Reading the Contract that you have to agree to - with many pages of fine print - I did notice the following OTHER FEES associated with this gift card:

The first item is the most interesting to me.

If you elect to accept this gift card, and you do NOT use it within a 6 month time period for some reason, you WILL BE CHARGED $5.95 EVERY MONTH.

Yeah, no.

When my spidey-senses are tingling, my answer is always no.

So Equifax, thanks but no thanks. You can keep the $7.43.