Brett Barrouquere of the Associated Press reports:
A federal judge has given preliminary approval to a settlement between Countrywide Financial Corp., and millions of customers whose detailed financial information was exposed in a security breach.
Under the terms of the settlement, Countrywide, now owned by Bank of America, would give up to 17 million people whose information was exposed during the security breach free credit monitoring. That group includes anyone who obtained a mortgage and anyone who used Countrywide to service a mortgage prior to July 1, 2008.
The settlement entitles a person up to $50,000 in reimbursements from Countrywide per instance of identity theft, provided they actually lost something of value, were not reimbursed and it is more likely than not the theft stemmed from Countrywide.
In January, BOA agreed to pay Connecticut $350,000 and reimburse customers who had to freeze their credit after a massive data breach. About 30,000 Connecticut residents were affected.
Note that this settlement is separate from another Countrywide settlement in the news this week concerning a $4.4 million settlement finalized last year with Countrywide over alleged unfair and deceptive mortgage practices.
No previous report on this breach has indicated that up to 17 million people were affected, at least not to my knowledge. Most sites were reporting 2,000,000 as the number affected. I’ll have to look into whether that puts the Countrywide incident on the Top 10 list of biggest breaches when I update that list for the year next week.
More to the point, however, I don’t see where this “settlement” really gives anything significant to those affected that they shouldn’t have been given immediately and in any event. It’s a shame that it requires litigation to get breached entities to offer credit monitoring and restoration services.
If you could write the settlement, what terms would you include?