When hackers steal consumer data from a major company, the fallout is depressingly familiar: The corporation comes to a settlement with class action lawyers, who get paid nicely, while most of the victims of the breach get credit monitoring or nothing at all.
Equifax, which recently presided over one of the worst data breaches in history, is likely to be a different story.
Unlike other high-profile data breaches, such as those at and , the credit bureau will probably have to pay actual money to consumers as compensation for its sloppy security practices.
According to Chicago attorney Jay Edelson, the lawsuits “if done right” will see Equifax pay more than $1 billion with much of that cash going directly to the over 143 million consumers who had personal data like their birthdates and Social Security numbers stolen. He predicts the lawsuits will be settled in less than two years, meaning many consumers would be in line to get at least a small check.
There are several reasons why the fallout will be different this time around. A big one is a new reluctance among judges to sign off on class action settlements that include only free credit monitoring services--which, as security experts have pointed out, often serve as a way for companies like Equifax to push consumers into a paid subscription service.
Meanwhile, courts today are more willing to treat data theft as a harm in its own right, rather than requiring consumers to show actual economic damage from a credit breach. This change, spurred on in part by a seminal Supreme Court ruling in 2016, sets the stage for a departure from past settlements like those shown in the chart below.
The chart depicts how companies like Michaels and Home Depot, which incurred massive breaches, paid a relative pittance, and only to a small percentage of the affected customers:
Another reason the Equifax case is shaping up to be different is the involvement of state Attorneys General, and cities like Chicago and San Francisco, which are in the process of bringing lawsuits of their own.
According to Edelson, the state and city governments ratcheted up their legal response following reports that Equifax, shortly after the breach, attempted to induce consumers to waive their right to sue in exchange for credit monitoring.
How Much Will Consumers Collect?
Consumers will no doubt be pleased if a class action settlement produces a check from Equifax rather than, as is typically the case, a congratulatory press release and an offer of credit monitoring. A related question, of course, is “How much?”
Edelson said it’s too soon to speculate on individual payouts but, if his overall settlement estimate of $1 billion is correct, that would translate to roughly $7 for each of the over 143 million affected consumers. That’s hardly a princely sum, especially if that amount comes before lawyers take their cut. But it could also be higher if many of the Equifax victims (as often happens) fail to put in a claim, and their share is divided among those who do.
Meanwhile, consumers will be eligible to collect different amounts based on where they live. This is because the lawsuits brought by cities and Attorneys General will be based on the data breach laws of individual states, which provide a range of different penalties, and those settlements will be distributed on a local, not national basis.
A further means of evaluating Equifax’s potential liability is by looking at its share price. Initial reports of the breach saw Equifax stock fall 35% and the company lose nearly $6 billion in market cap, though today shares are trading at only 21% lower than before news of the hacking.
This suggests the market believes Equifax will survive the current legal and regulatory gauntlet it is facing, though Edelson suggested some investors may have failed to price in courts’ harsher views of data breaches--meaning the stock may be trading higher than it should be.
For its part, Equifax is saying little about how much all this will cost.
“We cannot comment on pending litigation, but want to reassure consumers that we are remaining focused on helping them to navigate this situation and providing the best customer support possible,” said a company spokesperson.