Millions of US citizens have recently received letters informing them that they are entitled to a payout, following the conclusion of a class action lawsuit related to the 2017 mega data breach at consumer credit bureau Equifax.
Cybercriminals stole the social security numbers, birth dates, addresses and other personal information of 150 million people.
In 2020, the US Department of Justice indicted four Chinese officers of the People’s Liberation Army (PLA) accused of the cyberattack, considered the largest theft by state-sponsored hackers ever recorded.
The compensation offered may take the form of free credit monitoring for three years, provided by one of the two American giants in the sector (Equifax or TransUnion) or by the Irish company Experian. It may also be taken as a financial payment of up to $125. Complainants may also be compensated for the time spent trying to remedy the fallout from the breach.
In the 2019 ruling, Equifax was ordered to pay up to $425 million, with a maximum of $20,000 per consumer. However, most consumers are likely to receive only about $10.
To make matters worse, many cybercriminals took advantage of the scale of the theft to publicise fake refund offers to steal banking information.
Tim Helming, a security expert at DomainTools.com, has reported that several domains have recently been created that mimic the name of the real Equifax Breach Settlement site. Equifax does not appear to have registered these fake domains for defensive purposes.