The Equifax Breach
By now, you’ve heard about the catastrophic Equifax cyberbreach that put the personal information of 143 million U.S. consumers at risk. Currently, there are at least 23 proposed class-action lawsuits against the credit-reporting company or their Information Services subsidiary, with more likely to come. Complaints include alleged security negligence, a delay in announcing the breach to the public, and possible issues with the free credit report monitoring service offered to Equifax customers.
Unfortunately, this is not the first such security breach Equifax has suffered. It experienced attacks on a smaller scale in 2013, 2016, and even earlier this year. So shouldn’t Equifax have known its security weaknesses and taken steps to patch them up before a breach of this magnitude occurred?
Consumers’ Prompt Legal Action Could Pay Off
The current lawsuits were filed after Equifax’s announcement of the security breach last Thursday, which exposed private information for an enormous number of the United States population. Equifax received questions about the breach from Sen. Orrin Hatch, R-Utah and chairman of the Senate Committee on Finance, and Ron Wyden, D-Oregon, one of the committee’s ranking members. The senators requested a response from Equifax no later than September 28.
The high number of lawsuits filed is a testament to the elevated risk to millions of Americans whose personal information was exposed to cyber criminals. Although it’s not yet known how much damage has been done, given the incredible number of affected people, it’s not much of a surprise that there are already 23 lawsuits filed.
So what happens now?
All the individual cases will probably be consolidated into one lawsuit on behalf of all affected parties. That case will be assigned to a judge, who would name the firm or firms to serve as lead plaintiff counsel.
In notice to investors, Equifax said that it was too soon to estimate the potential cost to their company as a result of the cyberattack.
The Timeframe of the Attack
Allegedly, the hackers spent several weeks from May through July obtaining names, birth dates, addresses, social security numbers, and even driver’s license numbers in some cases. The attack was discovered on July 29 but not publicly addressed until September 7.
The reason for the delay, according to Equifax, was due to a forensic evaluation performed by an independent cybersecurity firm which provided recommendations for tightened security.
Along with Experian and TransUnion, Atlanta-based Equifax deals with data from more than 820 million consumers and more than 91 million businesses across the globe.