Lawsuits Filed in Equifax Data Breach
Last week, Equifax announced that hackers had broken into their servers and accessed the records of approximately 143 million Americans.
As a result of the breach, more than 30 class action lawsuits have been filed in the United States, including a suit in Utah in which five plaintiffs have sued Equifax for $5 billion, claiming the theft of their personal information has put them at risk for identity theft.
Lawsuits have been filed in 14 states and the District of Columbia, and each cites a number of legal claims, including alleged security negligence, a delay in alerting consumers of the breach and issues with the credit monitoring offered to those affected.
Equifax has been criticized for its offer of a year of free credit monitoring. Initially, to use Equifax’s TrustedID service, consumers allegedly had to waive their right to sue the company, join a class action lawsuit or benefit from a class-action settlement. The company claimed that waiver did not include this security breach but has since dropped that arbitration clause entirely.
Shareholders have also filed suit in this matter over Equifax’s alleged inability to protect consumer data and also over allegations the company inflated financial statements and share prices before announcing the breach. The company, which is one of the three largest credit-reporting and monitoring firms in the country, discovered the breach on July 29 but did not disclose the attack until September 7.
In addition to the various lawsuits, lawmakers have also demanded answers from Equifax. Senator Orrin Hatch, Chairman of the Senate Finance Committee and Democrat Ron Wyden have written to Equifax CEO Rick Smith and demanded a full timeline of the incident, including when it occurred and when the board and authorities learned of the incident. The Senators also want to know when three senior executives who sold their shares worth nearly $1.8 million in August were notified of the breach.
Information exposed in the breach, which occurred between mid-May through July 2017, included names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers. The credit card numbers for about 209,000 consumers and dispute information for about 182,000 consumers was also accessed.