First of all, it's entirely understandable if you thought the form you already filled out was, you know, the Equifax settlement claim itself. It turns out, though, that the process was always going to include this second step. If you opted for money instead of the free credit monitoring option offered under the terms of the deal, you now have to prove that you've already got credit monitoring in place. But you're forgiven if you didn't take time out of your life to establish this very specific paper trail.
The good news is that you very well may have credit monitoring in place, whether you realize it or not. The free credit monitoring Equifax offered after its breach has now expired, but many states offer a list of disclosed breaches that you can check. Many of those companies have given out free credit monitoring as recompense. For example, certain victims of the Capital One and Verity Health System breaches were offered free credit monitoring. If you don't live in a state that maintains such a list, you can use tools like the Privacy Rights Clearinghouse database to jog your memory about breaches you may have been involved in that offered the service.Other incidents, like Starwood Marriott's recent breach , yielded other types of web monitoring services for victims. And many credit cards, bank accounts, or other platforms like Credit Karma include some free protective offerings. It's unclear whether the settlement administrator will accept those, but they seem like they would fall into the category of what the Equifax settlement calls a "credit monitoring or protection product." After disclosing its breach in May, the National Baseball Hall of Fame said, "we have taken steps to alert the credit card brands of the incident so they can monitor your account for potential fraudulent activity," which may or may not count. It's worth a shot.
You also may be able to circumvent the whole credit monitoring issue altogether. The Equifax settlement has a provision through which victims can claim a cash payment for "time spent." This means that you can claim a rate of $25 per hour for up to 20 hours of the time you wasted dealing with the fallout of the breach. But here's the kicker: The first 10 of those hours is "self-certified," meaning you don't need to provide documentation, you just need to describe what you spent the time on. "You must certify that the description is truthful," the settlement says. "Valid claims for Time Spent will be reimbursed in 15-minute increments, with a minimum reimbursement of 1-hour per claim."
If you spent hours researching what to do about the breach, setting up credit freezes, hopping on the phone with your bank, or doing anything else remotely relevant, you can claim up to $250 for that time without needing to show any specific evidence. If you've already filed a claim and received the email this weekend you will likely need to contact the settlement administrator to also claim time spent, though you may be able to submit the additional claim through the web portal.