If you have been reading our blog or seen any news lately, you have likely seen the reports of the massive Equifax breach, This incident resulted in around 143 million American’s personal data and some financial information being compromised. It included information like birth dates, addresses, Social Security numbers, and even some driver’s licenses. This is one of the largest breaches that we have seen in recent years, especially with the type of information that was compromised. What makes it more difficult is that virtually everyone is a customer of Equifax, even though many do not know it. Equifax is one of the two large credit monitoring services, which means that they store data about a massive number of people. Well, being that this data they were storing has been compromised and put all of those customers at risk, Equifax is obviously liable and in pretty hot water at the moment. In fact, the breach has now come to the same thing that many breaches do – legal action.
Numerous lawsuits are actually in progress against Equifax in regard to this breach. One of the larger ones has been filed in Portland, Oregon according to Bloomberg. The customers involved in the lawsuit state that Equifax has displayed negligence in regard to their information security. This class action lawsuit is being led by two firms, with those being Olsen Daines PC and Geragos & Geragos. This is no small lawsuit, as they are asking for billions in damages. According to Bloomberg, an attorney from Geragos said that the lawsuit is seeking as much as $70 billion in damages nationally. The plaintiffs in the case are Mary McHill and Brook Reinhard, both of which had their information stored by Equifax.
As mentioned above, lawsuits against organizations that suffer breaches are not an uncommon occurrence. Of course, it is the right of those affected by these breaches to seek to recover damages or compensation for having their information exposed. Although, this Equifax case is definitely one of the largest sums to have been sought in these kinds of cases. At the same time, it is quite understandable because of the size of the breach and organization.
Equifax has been criticized in their overall handling of the breach. Firstly, they had initially discovered the breach in late July, but had waited over a month to announce it. This is extremely bad practice in the event of a breach, being that those affected need to know that their data may have been compromised so that they can take measures to protect themselves. In addition, Equifax had set up a website for individuals to check whether their data was included in the breach, but it did a poor job of this. When the site was first put up, it did not even tell people right away whether their information was affected, but it automatically signed them up for credit monitoring services. Initially, there was speculation surrounding this credit monitoring, as the terms and conditions of the service appeared to state that signing up waived individual’s right to legal action. The site has since been altered somewhat. It does not necessarily give a definitive yes or no regarding your information being affected, but it could say that they believe it “may” have been affected. Equifax has also stated that the legal rudiments in the terms and conditions apply only to the credit monitoring service and do not eliminate the right to pursue legal action regarding the data breach. As a further difficulty, individuals have also had trouble using the phone line that Equifax set up. Some people have been hung up on before they even talk to anyone, or they do not receive a definite answer about whether their data was compromised.