An illustration depicting the Equifax Data Breach Settlement

The Federal Trade Commission has officially opened a claim process for all those who wish to be reimbursed for time, losses, and out-of-pocket expenses tied to the 2017 Equifax security breach that exposed the personal data of more than 145 million U.S. consumers.

As part of its $700 million settlement with the commission, Equifax set aside more than $500 million to compensate the millions of victims of the data breach.

The deadline for completing the claim process is January 22, 2020, but if you want to opt out of the class-action settlement or file an objection to the suit, you need to do that by November 19, 2019.

More about Equifax

In a Monday press conference, the FTC announced that consumers would be able to report some credit monitoring expenses and the time they spent resolving issues raised by the breach without having to submit receipts or other records.

"People feel they have to have all this information, but that’s not necessarily the case,” says Charity Lacey, vice president of communications for the Identity Theft Resource Center, a California-based consumer organization. 

She notes that consumers can claim up to $375 ($250 for time spent and $125 for current credit monitoring) without providing any documentation.

The best approach to the claim process depends on the extent of your losses. If you were the victim of identity theft and it cost you a significant amount of money, it makes sense to gather the receipts and other supporting documents required for a claim that approaches the $20,000 individual limit.  

If you simply spent time researching your options and locking down your accounts, you can make a less detailed claim that will provide you with a little cash, plus free credit card monitoring and identity theft restoration services. 

Here's a step-by-step run-through of the online application process.

What to Do

Step 1: Use this link to access the claim process. Then scroll down to "Find Out if Your Information Was Impacted" and click on that link. After entering your last name and the last six digits of your Social Security number, you'll instantly get an answer about whether your data was exposed and you're eligible to make a claim.

If the answer is yes, click on File a Claim Today toward the top of the page.

Lacey advises parents to see if their children were impacted, as well. "Kids Social Security numbers aren't golden—they're like platinum—for identity thieves," she says. 

Step 2: On the next page, you'll find your options for filing. Filing online is the most convenient, but you can also download a form or have one mailed to you. For security reasons, claims for minors must be sent by mail. Here's the return address:

Equifax Data Breach Settlement Administrator
c/o JND Legal Administration
P.O. Box 91318
Seattle, WA 98111-9418

Step 3: Next, you'll see your options for reimbursement and fields where you'll fill out your personal information. Remember that "Alternative Names" is a good place to include your maiden name.

Step 4: In Section 1, you get the option of free credit monitoring from Equifax, Experian, and Transunion or a cash payment of $125. To get the cash, you must certify that you have credit monitoring and will keep it for six months.

It can be free credit monitoring through an employer or a financial institution. There's no requirement to submit a receipt.

"If you can use other services, take the $125," says Lacey.

For consumers skeptical about accepting the credit monitoring, Lacey explains, "it’s not Equifax doing the work; it’s their competitors doing it on their behalf."

Step 5: In Section 2, you can request reimbursement for up to $500 (20 hours at $25 per hour) for time spent managing accounts affected by the breach.

The first 10 hours require only a description of the time spent. For time beyond that, you must include supporting documents showing that your personal data was misused. 

The form asks you to supply the total amount of time spent on each task, the month and year, and a brief description of the task.

Think broadly. That may include not only time spent talking to a representative from a bank or a credit card company, but also time spent waiting on hold. If you had to make a trip to the bank or another financial institution, that travel time counts, too.

"And, of course, include the time you spent filling out the claim," Lacey adds. 

Step 6: Under Cash Payment, you can request reimbursement for up to $20,000 in losses, but you will need to document those expenses, except for any credit monitoring by Equifax that you paid for. 

Out-of-pocket expenses can include money you spent on credit freezes or credit monitoring, postage, faxes, mileage, and telephone charges. Professional services from lawyers and accountants fall into this category, too. 

As for identity theft costs, the FTC will accept claims for any unreimbursed losses following the breach's start in May 2017, the commission notes, because it's difficult to correlate a loss with a given data breach.

To keep track of expenses associated with identity theft for future claims, Lacey suggests using the ITRC's ID Theft Help App. 

Step 7: In Section 4, you can choose to receive your reimbursement by check or prepaid debit card, which doesn't expire, and complete the process by signing the form electronically.

The claim processing won't begin until next year, so be prepared to wait a while before the reimbursement lands in your mailbox. "You're not going to see a check tomorrow," says Lacey. "But you should see one."