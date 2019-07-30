Last week, Equifax settled a bunch of class-action lawsuits over its 2017 data breach of credit information of some 147 million people, then among the largest on record. The bill could eventually reach $700 million, with much of the cash going to lawyers and various state and federal regulators. But a maximum of $425 million was set aside for victims of the hack. That works out to $2.90 in compensation per victim, not exactly worth getting out of bed for.

I know you wanted that $125 check from data broker Equifax , as a token for having your personal data stolen by hackers. But you’re probably not going to get it.

However, Equifax is reserving the bulk of the $425 million for those who’ve suffered specific financial harm from having their data stolen and then used by thieves. Think of someone whose bank accounts have been drained, or somebody whose identity was used to run up massive debts with fraudulent credit cards. They’ll get most of the cash.

Equifax will provide up to $20,000 to cover such losses and will pay for seven years of an identity restoration service that will work with banks and other businesses to help straighten out the victims’ affairs. Equifax has earmarked an extra $125 million especially for such cases.

Next, Equifax has set up two pots of $31 million each. One will compensate people for the time spent cleaning up the damage to their finances. Here, the maximum payout is $500, or $25 per hour for up to 20 hours of effort. Just provide documentation of the identity theft, such as a report from your bank.

The second $31 million is more open: $125 payments to anyone whose data was compromised. That’s enough for 248,000 people.

In each case, the pool of money is limited, and if a large enough number of people apply, the payouts will be reduced.

That’s disappointing, but it makes a certain amount of sense because the money should first go to those who lost the most.

That means the millions who had their data hijacked but not yet abused could get a pittance. Yet their stolen data will remain available to criminals for future abuse. If that happens next month or next year, that Equifax cash won’t be much of a help.

So you’re better off accepting the company’s alternative offer: four years of comprehensive credit monitoring, which will help prevent bad guys from using the data they stole.

You can get similar services for free from companies like Credit Karma and FreeCreditScore.com. But the Equifax plan covers all three major credit rating agencies, while the free services generally only cover one or two. Also, Equifax throws in $1 million of identity theft insurance. That beats a cash payout that might not even cover bus fare after several million victims apply for it.

Massachusetts residents can hold out hope for a better deal. Despite the settlement, Attorney General Maura Healey will continue to pursue a separate lawsuit the state has filed against Equifax.

But don’t let that stop you from going to the Equifax settlement website and checking out your options. At the very least, you can find out whether you’re one of the victims and start making some moves to protect your identity.

Keep in mind that none of these benefits will be paid until a judge signs off on the terms of the settlement, and that’s months away.

Despite the big dollar amounts in play here, the deal amounts to a suspended sentence for a company that should be flirting with the death penalty. Equifax collects vast amounts of sensitive data about virtually every adult American and knows quite a lot about our children too. And while Internet companies such as Facebook compile information that we’ve voluntarily provided, Equifax and similar data brokerages never asked us for permission to collect this information. They just ferret it out from businesses, banks, and public records, file it in vast data centers — and occasionally misplace it, with potentially devastating results.

Other giant companies are been disappointing, too. On Monday, credit card issuer Capital One revealed that a hacker gained access to the financial records of 106 million customers. The haul included 140,000 stolen Social Security numbers and 80,000 bank account numbers.

To get the attention of these careless corporations, Massachusetts Democratic US Senator Elizabeth Warren favors the legal equivalent of a baseball bat. She’s proposed legislation that would require companies to pay a minimum of $100 in penalties for each identity compromised.

For those not doing the math, in the case of Equifax, that comes to $14.7 billion. That sounds fair to me but would probably wipe the company out. So the law caps the maximum penalty at half the company’s revenues from the previous year. That would amount to a $1.5 billion penalty for Equifax, more than double the proposed settlement.

Half of that — $750 million — would have been earmarked as compensation for victims. And the penalty would rise to 75 percent of revenues if the company failed to notify regulators of a security breach or failed to take proper security measures, such as encrypting the data.

I suspect many companies would be unable to comply with a law this tough. But if incidents like the Equifax and Capital One attacks continue, maybe we will soon find out.

Hiawatha Bray can be reached at hiawatha.bray@globe.com. Follow him on Twitter @GlobeTechLab.