I apologize for the length of this update, but there's important info here, especially at the end:
The FTC has now gone silent on their proposed slap on the wrist for the Equifax data breach which impacted nearly half our country's population. No press releases, no responses to inquiries, etc... It seems they are counting on interest in this issue to die long before a Federal Judge makes his January 2020 decision to accept or deny the settlement.
WE CAN NOT LET THIS HAPPEN !!!!!
If approved, the precedent set by this settlement will nearly eliminate the incentive to protect your personal data by making it more cost effective for companies to risk paying a fine! After all, these companies ONLY pay a fine IF they get caught and the fine is small compared to their revenue. Worse yet, our government seems to rely on these very companies to admit they lost our data in the first place (instead of independently trying to detect such breaches!)
Think of this like driving without insurance. The law may require you to have it, but if no one checked until you had an accident, you might be inclined to skip insurance and save the money. You might be even more inclined to do so if you could afford to pay the damages to your accident victim without anyone else finding out about it. And if the government's primary method of discovering your accidents was that you notified them, it could be pretty tempting to arrange for "administrative errors" that lose those required notifications. Save money, increase profit, pay off errors you can't hide, rinse and repeat.
Think this can't happen, won't happen or doesn't already happen? Think again! Consider that 3 Equifax Execs, knowing of the breach before publicly admitting it, profited from the sale of nearly $2 million in stocks and were subsequently forced to pay less than $200,000 in fines and restitution while being placed on "house arrest" for as little as 8 months. Consider that Equifax annual revenues at the time of this data breach were OVER $3 BILLION and their net profits in just one year were more than enough to pay the entire proposed fine (yet they have years to pay it out and may never be required to do so).
If a speeding ticket only cost you 10 cents, would you stop speeding, or simply pay the dime and speed away? Do some research on your own about past data breaches you heard so much about on the news, and how little ACTUALLY became of them. Then you'll understand why this problem continues to get bigger instead of smaller.
Consider too that it is no longer just your address, phone, email, driver's license, credit card and other financial data that is subject to being leaked, but your personal medical data as well, with even fewer consequences. Anthem Inc, the largest U.S. health insurance company, agreed to settle litigation over hacking in 2015 that compromised about 79 million people's personal information for $115 million which represents about FOUR HOURS of revenue for the 90 billion dollar company (they claimed no medical data was released in this breach).
The point is this: Only the largest data breaches are publicized - and breaches are happening far more often because the impact to companies from them is so small, especially in contrast to that of the citizens whose data is compromised. Until we force government to change this paradigm, it's only a matter of time until YOU are personally impacted. Then it may be too late.
Please sign this petition today, and encourage everyone you know to do so. If the Judge on this case forces a larger fine, perhaps companies will take notice.
In the meantime, if you haven't already frozen your credit, you should because that makes it far more difficult for someone else to use your identity to open new accounts. Here are the sites for the three national reporting agencies where you can freeze your credit:
https://www.freeze.equifax.com
https://www.experian.com/freeze/
IN ADDITION, Troy Hunt’s Have I Been Pwned? website (https://haveibeenpwned.com/ will tell you whether your email address or password appears in one of 397 (and counting) data dumps from websites. You can also have it notify you when your email address appears in a new data dump.
This service doesn’t scan to see if your social security number is included in any of these leaks, as dark web scans promise to do. But, if you’re just looking to see if your credentials have leaked, it’s a useful and FREE service.