Equifax was reckless in its handling of sensitive data concerning millions of U.S. residents and their finances, a class-action lawsuit filed against the credit-monitoring corporation alleges.
The lawsuit, filed last week in an Atlanta federal court, is one of 23 similar lawsuits filed on behalf of plaintiffs nationwide who allege they suffered financial harm because of Equifax’s failure to keep consumer information secure.
According to the Tribune News Service, the lawsuit filed in Atlanta faults Equifax for “gargantuan failures to secure and safeguard consumers’ personally identifiable information … and for failing to provide timely, accurate and adequate notice” to those who were affected by the breach, which exposed the names of U.S. consumers and their social security numbers, dates of birth, addresses, driver’s license numbers, and other information.
Lead plaintiffs are Brian F. Spector of Florida and James McGonnigal of Maryland. They claim the Equifax breach exposed their personal and financial information to identity thieves. Mr. McGonnigal alleges he has “recently had four credit accounts opened in his name without his authorization,” Tribune News Service reported.
Many of the lawsuits raise questions about Equifax’s disclosure of the breach, which occurred in mid-May and continued unabated through July. Although Equifax reportedly detected a breach on July 29, it waited more than a month to disclose the failure.
“The Atlanta lawsuit seeks statutory damages under the federal Fair Credit Reporting Act and state statutes and other out-of-pocket losses and compensatory damages, as well as ‘more robust credit monitoring services with accompanying identity theft insurance,’” Tribune News Service reported. The plaintiffs also seek a court order requiring Equifax to improve its data security.
Approximately 143 million U.S. consumers had their credit information compromised in the breach, making it one of the largest and most potentially destructive hack jobs ever. The breach affects the majority of adults in the U.S.
Equifax also faces criticism over the website it set up where U.S. citizens can check to see whether they were affected by the hack. According to various reports, the website, which is hosted by Equifax’s TrustID security service, tells people seemingly randomly whether they’ve been affected by the breach, possibly because the company is trying to get them to enroll in its subscription security service or because it simply doesn’t work.
The company also required those who enrolled in its TrustID service to waive their rights to sue for breach-related damages by including a mandatory arbitration clause, but that requirement seems to have been dropped.