My private information is worth $30 (blog.melashri.net)
62 points by elashri 9 hours ago | 62 comments
  • mattmaroon 7 hours ago

    The settlement you get from a class action lawsuit has no relation to the value of the underlying tort. It is not, as an investor would say, a pricing event.

    Everybody’s private information would be worth a different amount if you were talking sheer economic value. A poor person’s would be very little, a rich person’s would be worth very much.

    • cs702 7 hours ago | parent

      Yes. $30/victim is the negotiated amount at which the lawyers make an acceptable profit.

      I'm talking about the lawyers who initiated, orchestrated, and covered all costs associated with the class action lawsuit.

      They typically get ~30% of the announced settlement. The headline figure in this case was $5M, so the lawyers likely got ~$1.5M.

      That has nothing to do with the worth of each victim's information.

  • benterix 7 hours ago

    This is an actual problem in general. As a rule, I never give my personal information online anywhere, always use fake info. However, there are a couple of cases when real info is necessary. If it's just my real name and phone number like for booking.com, that's maybe acceptable - just one weak point, little PII.

    However, an institution like a university requires a bit more, like a copy of my ID or a photo. And based on their attitude, I'm sure they'll get hacked sooner or later. Their IT is either outsourced or understaffed and of mediocre quality. The fact that no one broke in (?) is because nobody cared that much.

    • hsbauauvhabzb 6 hours ago | parent

      Your data is probably on a million systems regardless. While minimizing risk is great, I feel like it’s sorta a drop in the bucket. You need to rent a house, and pay a phone bill.

  • knightscoop 8 hours ago

    > This same university which promised a life access to email address which they did not honor, ...

    A tangent, but I had the same thing with my university. I wonder how common this is, and if Google is the common thread...

    • CrulesAll 8 hours ago | parent

      "What are you going to do about it." is the new mantra of the oligopolies. These institutions, both private and public sector, are now so big, they get away with things like this all the time. It's only when the big dogs fight that they change. Mussolini (a piece of sh*t, I know) said something similar about the League of Nations (precursor to UN). It works when robins and swallows quarrel, it fails when Eagles are involved.

  • bmitch3020 8 hours ago

    I wonder how much more organizations would value PII if we could legally demand all of the PII of the executive officers for that same price.

    • itopaloglu83 7 hours ago | parent

      Not much, proper PII sustainment over decades (generally) is too demanding for universities unless they have proper resources and know-how as well.

      The US banking system has some blame here as well, just knowing someone’s bank account details shouldn’t let anyone transfer money out of it. IBAN system is quite good at this, that people just share their account numbers with each other and even some merchants like restaurants accept payment through IBAN.

    • mattmaroon 6 hours ago | parent

      I’d assume the executive officers are just as affected as anyone else. Nobody is safe from the data harvesting/sales going on anymore.

      • TheCraiggers 3 hours ago | parent

        Yeah, sure. Only difference is they have millions/billions to pay for professionals to guard them and watch for anything out of the norm.

    • Terr_ 7 hours ago | parent

      Or if the company had statutory liability for any leaks or misuse of material in their control.

    • constantcrying 8 hours ago | parent

      According to the statement all university employees' data was leaked. This of course would include all of the administration, up to the president.

  • Raesan 8 hours ago

    What I thought was most interesting was the statement at the very end: "The poetic nature of writing in grievance in Arabic is much more effective than in English." Differences between languages are so interesting to me. Anyone here know Arabic and feel the same way as the author? What makes Arabic different in that sense?

    • CrulesAll 8 hours ago | parent

      I just watched the film about Spotify "The Playlist". It took a few minutes before I picked up that it was dubbed. I switched back to Norwegian with English subtitles and the film became instantly enjoyable. All languages hold a beauty.

      "Tír gan teanga, tír gan anam"

      • 1313ed01 6 hours ago | parent

        TV series, like the company, is Swedish, so probably that language.

        • CrulesAll 5 hours ago | parent

          Sorry. Definitely Swedish! Apologies to any Swedes.

    • JohnLocke4 8 hours ago | parent

      I think almost all multilingual people would agree that writing cordially is easier in their native language - whatever that language may be. Expressing heartfelt messages in the language you spoke when developing your identity and emotional maturity is more about just that, rather than what the language happens to be.

  • cpfohl 8 hours ago

    Class actions like this are opt in; by accepting the settlement you accepted the terms and lost your right to sue for a different (more appropriate to you) value.

    Planet Money did a great segment on how these work and why America is set up this way. I learned a lot about it. You should definitely take a listen[1]. If you aren’t on Apple then search “What to do when you’re in a class action?” and find the podcast (not the summary article).

    1: https://podcasts.apple.com/us/podcast/planet-money/id2907834...

    • Metacelsus 7 hours ago | parent

      This one is opt out: see https://www.uofmdatasettlement.com/

      "IF YOU DO NOTHING

      Get no benefits. Give up your rights to sue the University over the legal claims in this case."

      • cpfohl 7 hours ago | parent

        Sorry, my phrasing was off. I should have said, “you can opt out”

      • elashri 7 hours ago | parent

        I also confirm that I did not submit a claim to be included.

  • dmurray 7 hours ago

    What would an actual market price be for this PII?

    Let's say someone offers $X, and in return they post on a public website your name, address, date of birth, Social Security number and employer. Not a lifetime feed, but a single snapshot of this information taken between 4 and 36 years ago, to match the details of this university leak. Maybe some additional info like what grades you got, but not your financial or health history. This offer is made to all adult Americans.

    What would X need to be? I suspect the vast majority of Americans accept this at $10,000. And a very significant number take it at $100, or in return for access to a trendy new social network or a discounted television or similar.

    I'd take this offer for some five figure sum, which would not be a life changing amount to me. It's a complicating factor that SSNs are traditionally a vector for fraud, but that would go away once people take this offer.

    • spwa4 7 hours ago | parent

      Oh that's easy. There's a business model at play here. The point of this information is to make you spend more, and the value of that information is something like 1%-2% (goods) to 30% (of things like credit card fees you pay) of what you spend more if the shops around you know this information.

      So from your perspective, the net value of the information is negative. Very negative in most cases.

      The power of this model is the adversarial aspect. If there's 2 stores, especially online, and store A knows this info it can be 10% more expensive and grow faster than store B. Which means stores can't choose not to pay, it's a losing proposition and these businesses will die if advertising works even a little bit.

      This aspect is why Google, and everyone, want AI to "fight" over everything: the adversarial aspect. Because for any particular purpose, OCR, or even making entire movies, there's a level of AI that's "good enough". Google or Facebook might reach that level 6 months earlier than everyone else (I would have said 10 years earlier 5 years ago, but even OpenAI's advantage has shrunk to 2-3 months now, so I feel 6 months is generous), and I'm sure that'll be a good business ... for 6 months, if done well. But if you can create a fight where the best AI wins, then AI is worth the highest amount anyone will offer ...

      • dmurray 7 hours ago | parent

        Do I spend more, or on different things? And do I get any extra value out of the extra things I buy? Most people spend approximately all of their disposable income. The information is valuable to marketers fighting to divide up that pie, not to increase the total spent.

        If it does significantly boost the amount of money spent and thus the velocity of money, should governments consider publishing everyone's PII as a way to stimulate economic growth?

        • spwa4 6 hours ago | parent

          > The information is valuable to marketers fighting to divide up that pie, not to increase the total spent.

          That's why Google is receiving more money than the information is worth.

    • NaomiLehman 6 hours ago | parent

      The price for a standard "US Fullz" record is between $5 and $30. Slightly more if their credit score is exceptionally high (allows for bigtime fraud), but nothing more than $100. I think the low price is driven by a seemingly infinite number of leaks.

      Fullz + Passport/DL + Selfie: $80 – $150

      Disclaimer: I work in tech/trend analysis

  • viraptor 7 hours ago

    The $30 settlement doesn't mean that's what the data is worth. For better estimation, we could look at how much discount various places are giving for information. For example my shopping data is apparently worth many hundreds a year. (So a few thousand in total by now) Which is silly considering it's basically the same things on rotation and anyone with even simplest data analysis could correlate all my shopping anyway. But PII isn't that interesting without any other activity attached. So... probably less than my shopping and it doesn't change so there's no need to refresh. Probably in the hundred dollars range then? Unless someone wanted to use it for impersonation where financial hacks, then maybe it goes up to thousands as well? (Large percentage will not convert)

  • recursivedoubts 8 hours ago

    I think if you look at what it costs to purchase your personal information you will find it is worth far less.

  • eviks 8 hours ago

    > They will not take responsibility for their actions, and they will not compensate you for the damage they caused. They will just offer you a small amount of money and hope that you will forget about it.

    Paying for a wrongful action is taking responsibility and compensating. But also "for the damage they caused" - what's the damage if the info is already out there?

    > The basic problem is that they do not care about us.

    True, of course, but the basic problem is different - "apology" costs more due to the way the legal system is set up, "nothing more". Otherwise you'd get your empty apologies left and right, though strange that you value that more than compensation. Empty words cost even less than $30 (unless, of course, there is a system to make them legally potentially cost more).

    • elashri 7 hours ago | parent

      Author here.

      What I mean is that for an institution of higher education and intellectual research, the bar for ethical action should be higher. An apology (with guarantees and plans for improvement with oversight) is better than putting a low price on it and calling it the cost of doing business. The damages or negative consequences are going to happen no matter what, as the information is already out there.

      My point is not about the money that I as a person would get or not. My personal private information is mine and should be protected, and the law requires that. Whether anyone considers it worthless or not is irrelevant. And because the effect does happen on a scale. This breach, for example, affects probably close to 200k or more (maybe much more).

      My point is we shouldn't normalize that; just as, if "corruption" is widespread in a place, we should fight it, not just say this is how things work. The same thing should happen here. And we should hold people responsible for the decisions liable. This way the simple decision of ignoring cybersecurity or outsourcing to the lowest bidder suddenly becomes unattractive.

      Also, I don't understand the logic that because I got "abused metaphorically" before, it is not a big deal if this happens to me again. Why do we accept this in such a case and not in others? And actually in my particular case, the university breach was probably the first breach of my personal information (others happened later). Why would that change anything?

      • rsync 3 hours ago | parent

        “What I mean is that for an institution of higher education and intellectual research, the bar for ethical action should be higher.”

        Who is the highest paid state employee in Minnesota? Hint: he works for umn.edu … [1]

        Who controls the largest budget at umn?

        Who drives the largest revenue for the state university program and hires and fires the other highest paid employees of the state?

        I am sorry to say that your expectations of the sports media enterprise that happens to also be a university are misplaced.

        Big conference universities are development leagues for the NFL and that is where expectations for behavior should be calibrated.

        [1] PJ Fleck - $7M annual salary in 2025.

      • eviks 7 hours ago | parent

        > An apology (with guarantees and plans for improvement with oversight) is better than put a low price and call it cost of doing business

        How when this is a 0 price of doing business? And there is a plan: "the University has increased its vigilance in securing information that it maintains", after all "The safety and privacy of all members of the University community are a top priority" https://system.umn.edu/data-incident (this is from 23, not 21). And I'm sure there is some admin position for "oversight"! So if you're after empty words, they have those in spades! And would add the apology you requested if not for the extra legal cost, so I don't see how any of that is better.

        > Also I don't understand the logic

        Because you've perverted the logic from into some vague metaphorical abuse that can harm every time it happens.

        > Why do we accept this in such case and not in others?

        We don't because settlements such as this do not depend on whether the info is already public, so you get paid regardless. But also because in such case there is no harm (info is already public), and in other cases there is.

        > why would that change anything?

        For the exact same reason - because harm depends on the first publishing and you were talking about compensating for harm.

  • zkmon 8 hours ago

    It would be interesting to see what calculations went into arriving at the number. They must have started with a large number that should be distributed to all students. Where did that large number come from? Some fund allocated for this kind of purpose? Some ransom that was demanded by the attackers, putting a value on the data? Some psychological tests that determined $30 is enough to keep the young folks from rebellion while not affecting future prospects for the university?

  • latexr 7 hours ago

    > But also realized that if I had written this in Arabic it would have been much more concise. The poetic nature of writing in grievance in Arabic is much more effective than in English. But I will leave that for another time.

    You piqued my interest. I’d like to learn more about that.

  • baiac 8 hours ago

    The author thinks that $30 is an inappropriate amount, but does not suggest what he thinks the correct sum should be.

    It is my opinion that, as with anything that can be copied infinitely for free, his (and my) personal information is worth $0.

    • autoexec 8 hours ago | parent

      > It is my opinion that, as with anything that can be copied infinitely for free, his (and my) personal information is worth $0.

      This would include all software, every movie, song, book, photograph, and TV show available anywhere. I'm glad that the rest of society has decided to place the value of those types of things a little higher than you do.

      The multi-billion dollar a year industry of buying and selling our most personal data only exists because that data isn't worthless. It's extremely valuable, even yours, and the fact that others are using it will end up costing you again and again throughout your life, often monetarily.

      • Intermernet 7 hours ago | parent

        The problem is that "Free Market" economics (which some people still argue is a valid economic theory for some reason) states that the market will decide what things are worth. The market decided a long time ago that movies, songs, books, photographs etc were, in fact, worth nothing. That's the effect of digital media. It's completely incompatible with the free market.

        Weirdly enough, the people who were most vocal about this so called "Free Market" were the people who tried to defend their ability to make money from things that can be copied infinitely with almost zero overhead.

        This isn't an opinion on whether or not digital media should be free, it's a statement about digital media being completely incompatible with outdated economic theories.

        The person you're replying to may actually believe that his personal information should be worth $0. The only reason it's not is because it can be used for targeted advertising and a bunch of even more horribly dystopian purposes.

        So, the fact is you're both correct. Personal data should be worthless (in fact, it should be only available with the permission of the "person") if not for bad actors profiting from the purchase and sale of this data.

        The broken economic theories of free market economics state that digital media should be worthless, except that current laws and regulations extend out-dated intellectual property laws to protect incumbent distributors and rights holders (this only rarely actually protects the creators of the media). The idealistic goal of the creators profiting from their creations has been corrupted beyond recognition.

        Basically, the things you both are discussing are both nuanced and broken. They exist outside of the context you're putting them in.

        • diab0lic 6 hours ago | parent

          > The market decided a long time ago that movies, songs, books, photographs etc were, in fact, worth nothing. That's the effect of digital media. It's completely incompatible with the free market.

          This is such a willfully ignorant take, it’s wild. Anyone who has a cursory understanding of game theory can see that if this were true a simple recursion would occur:

          1. Everyone would pirate movies/tv/books.
          2. There would be $0 in producing media.
          3. Significantly less media would be produced. Anything capital intensive would be gone.
          4. Demand for anything that could be produced would skyrocket. Imagine putting together a blockbuster film when the world hasn’t seen one in a century.
          5. People would pay money for the product of 4.

          Just because we can get something for $0 doesn’t make it worth $0. I could enslave my neighbors and make them work for me, that doesn’t make human labor worth $0.

          • Intermernet 6 hours ago | parent

            It's not an ignorant take, it's reality. If you don't want that outcome, stop supporting outdated economic theories. I didn't say I wanted this to be the case, I said it is the case. The only reason digital media is sellable at all is due to laws and regulations. Not only are these laws and regulations historically anathematic to those who defend the outdated economic theories, they're also protecting the wrong people. The distribution networks get a much larger share of profit than the actual creators.

            People should exchange money for digital goods. That money should go primarily to the creators of those goods. None of this is happening very much, and it's actually moving in the wrong direction.

            • diab0lic 6 hours ago | parent

              Ah! I think I missed your point because I read your comment through the lens of the root comment. My apologies!

              We’re actually largely in agreement, especially about content creators deserving compensation and the fact that distribution is vacuuming up most of it.

              • Intermernet 6 hours ago | parent

                I thought there might have been a misunderstanding there :-) Sorry, I often get long winded and my statements can be ambiguous.

                • diab0lic 6 hours ago | parent

                  My mistake for sure. Thanks for giving me a chance to realize it. :)

    • diab0lic 8 hours ago | parent

      > It is my opinion that, as with anything that can be copied infinitely for free, his (and my) personal information is worth $0.

      I realize I’m responding to an account created four minutes ago but… the output of nearly all work done on a computer meets this criteria. Is all work done on a computer worth $0 in your view?

      • baiac 7 hours ago | parent

        > I realize I’m responding to an account created four minutes ago but… the output of nearly all work done on a computer meets this criteria. Is all work done on a computer worth $0 in your view?

        Yes. Also, this website is very pro-piracy, which means they generally agree with me. (Saying this last part because by mentioning the age of my account it seems you're accusing me of being a troll.)

        • robot-wrangler 7 hours ago | parent

          Go ahead, prove you're not a troll by posting your worthless home address, account numbers, and PIN info in public

        • diab0lic 7 hours ago | parent

          Interesting! I imagine this website is also full of software developers, startup founders, VCs and others who earn a living in software. How do you reconcile all of that work actually being worth $0 with the fact that we are earning a living?

          • baiac 7 hours ago | parent

            What would you exactly do with a copy of the source code of the Facebook app?

            • diab0lic 6 hours ago | parent

              Sure you can cherry pick an example that would be difficult for me to monetize.

              However I can think of plenty I’d do with the model weights for ChatGPT, Claude or Gemini. Can’t you?

              I can go on with hundreds of examples. The Waymo source and models, as another example. Enumerating everything would detract from the message so I’ll stop here.

    • arrakark 8 hours ago | parent

      LOL good one

  • ArcHound 8 hours ago

    The issue is, that your personal info is valuable to only you. It also doesn't reflect character worth or personal worth.

    That's how people gave their privacy away to apps - they've realized this is the best deal they can get for it. Conversely, when the court tries to estimate what is the financial impact of such a leak, there's not much to base it off.

    I've just finished The Age of Surveillance Capitalism and it's ridiculous how Google et al. were able to profit from these scraps we gave them. So maybe the value could be higher?

    • phyzix5761 8 hours ago | parent

      I think $30 at a high enough volume accounts for the high revenue.

      • ArcHound 8 hours ago | parent

        Right, that makes the case that the court nailed it. It still doesn't feel good though.

  • constantcrying 8 hours ago

    Maybe my perspective on Universities is quite different, but I don't understand the complaints of the author.

    This is a public University, they likely outsource some of their IT and somewhere a data breach happened. This data breach apparently affected all employees and students/former students. The faceless "they" the author is blaming in all likelihood was affected more drastically than him.

    The 30 dollars is not a payment for the data. It is a compensation for the damages, something which the author admits are likely zero, as previous data breaches already impacted him more drastically.

    What should the university have done? 30 dollars seem reasonable for the damage caused.

    • autoexec 7 hours ago | parent

      > What should the university have done?

      They should have not collected any more data than they needed, deleted the data they had the instant it wasn't absolutely required, and securely stored all data they truly had to retain. It really isn't that hard to do those things, it's just harder (and more expensive) than not giving a shit, but universities (and just about everyone else hoovering up your private data) just don't give a shit about you and they know they'll get away with it when their negligence/incompetence results in a breach.

      The fact that in this instance the breach may have also impacted some of the same people who decided to be so massively irresponsible doesn't change anything.

    • LightBug1 7 hours ago | parent

      "likely zero"

      If I was (and have been) subject to a data breach, I can guarantee the damages involved are not zero. Even if no specific fraud has taken place (yet).

      Time is money.

  • hollow-moe 8 hours ago

    Remembered that time when Ford estimated human life to not be worth enough in case of lawsuit to add a $5 piece to prevent their cars from exploding on rear impact. I love faceless capitalism.

    Edit: iirc that was about $750

    • trollbridge 8 hours ago | parent

      Well, there's got to be some estimate put on it. It's obviously not worth adding a $5 trillion piece to a vehicle to make it safer, and it's obviously worth spending an extra 0.05¢ to make it safer.

      • hollow-moe 8 hours ago | parent

        > in case of lawsuit

        They valued it in terms of legal fees and possible "compensation" (yay dad is dead but we got 5k), no lawsuit and your value is exactly zero.

  • kotaKat 8 hours ago

    Reading investor reports is interesting as well, to see what companies think you're worth to them. Check out Roku's ARPU - it's something like $40 a year now per user in marketing.

    • stavros 8 hours ago | parent

      So basically I have a $40/yr marketing tax on everything I buy, and that's just to pay for Roku.

      I wonder how much things would cost if we cut out the entire multibillion dollar advertising industry and just paid for things directly.

  • sapphirebreeze 7 hours ago

    my dog ate my homework.