Data Breach At Equifax Prompts A National Class-Action Suit

from WaPo

The scenario that personal finance and credit experts feared most about the heist of consumer data from Equifax may already be underway: Criminals are using the stolen information to apply for mortgages, credit cards and student loans, and tapping into bank debit accounts, filing insurance claims and racking up substantial debts, according to a major new class-action suit.

The suit pulls together dozens of individual complaints from consumers in all 50 states plus the District and suggests that cybercriminals aren’t wasting time using the Social Security numbers, credit card accounts, driver’s license numbers and other sensitive personal information they siphoned out of the credit bureau’s reputedly secure databases on 145.5 million Americans.

Filed in federal district court in Equifax’s home territory of Atlanta, the suit is intended to create a single, giant national class action against the company. It alleges violations of federal and state laws and cites claims by more than 50 individual plaintiffs whose information was hacked that significant financial damage already is occurring. A few examples:

More here.

, , , , ,

9 Responses to Data Breach At Equifax Prompts A National Class-Action Suit

  1. Vincent Scorese December 8, 2017 at 7:07 pm #

    As most Americans are aware of by now, one of the three big credit firms Equifax was hacked not too long ago which caused over one hundred forty-three million people to have their personal information such as social security numbers at risk to be compromised. Equifax disclosed the information about the hack last month about this time last week and most people scrambled to see if they got hit or made actions to freeze their credit or credit cards. Equifax has been in the news following all the information in regards to also being under investigation with insider trading. Where top ranked officials sold of lots of stock before they knew the drop was going to come. But more importantly Equifax is now going to be acted against via a class action lawsuit form over 50 complaints from all fifty states across the united states of America. Another major piece of information was that Equifax was using an outdated web service and although they knew it posed a risk of breach, they wanted to not spend the money on a new software and instead got hacked and have all this downfall. So, due to Equifax’s negligence if that is true, surely doesn’t help their situation very much. Equifax wants this to be over but no matter how much the apologize they are going to still have the consequences of this event. All the things that Equifax has done leading up to the breach and even the actions they ha following were highly questionable. Obviously, they are going to most likely lose this class action suit brought up against them due to things like negligence and miss proper handling of situation. They also tried to do some sneaky moves after the breach where they had people see if they were affected by the leak of information they had to concede the right to take any lawsuit against them for damages they suffered from the result of the breach. Which is a very low down move for them to do and they rightfully and quickly removed that from there. But for those who hit accept before they did, they are out of luck however because the law will recognize their agreement as a signature in terms to the agreement of not acting against Equifax for the breach. I believe that most Americans whose information was stolen have suffered in some regard with some sort of monetary damages or even damage to their credit from the use of their social security numbers or credit accounts. I just am hopeful that something like this will never happen this bad or happen ever again.

  2. Michael Polito January 25, 2018 at 6:37 pm #

    When dealing with companies such as Equifax, giving your sensitive information to them usually isn’t a concern. Being one of the biggest firms in the country you should feel safe, but that was not the case when they were hacked. Cyber terrorism has become recently more popular as technology advances. Computers are becoming smarter and so are the people behind the screen using them, the act of stealing sensitive information is becoming too easy. As these people are getting smarter and doing more damaging things too people it is confusing to me how a company like Equifax did not have the cyber security to stop these attacks. As many bad guys as there are out there using computers for theft there are just as many good guys out there with the knowledge on how to fight back against these attacks. As everything moves digital Equifax should know that the sensitive information that their customers are giving them should be a top priority to them so things like this don’t happen ever again. This is not just for Equifax but for every massive corporation out there who is holding personal information for people. As it stated in the article there are many people whose lives are being ruined through fraud. Once the person starts using that card and destroying your credit it is very difficult to restore it.
    Equifax is a huge business and one that people trust because of a good reputation. It seems like a company like this has unlimited funds to upgrade anything they need but something so catastrophic like this can still happen. With that being said with all this money something should be done so that this never happens again. As I said before there are so many people in this world who can help these companies by creating some kind of unbreakable files that no one can get into so that these hackers cannot get in and steal people’s information. It is not that hard to hire a team of people who combined have the skills to stop an attack like this before it happens or even while it is happening. I do not blame people who won’t give out personal information over the phone or over the computer because you do not know what will happen with it anymore. Getting your credit card information, social security, and even driver license number is becoming too easy for these criminals and this is an example of what can happen if it is not completely secured from people. It can be just as easy to stop these people just as it is easy for them to get this info. These types of things will happen again and more people will suffer from these companies neglect to protect their customers information. As the internet and computers become more evolved this will start to become a regular thing unless companies, especially ones who hold personal sensitive information, start to advance their defense against these cyber-crimes. These people deserve all the money they lost back but unfortunately there are too many people in the class action suit to reimburse all of them. This is unfortunate because the only fault these people were at was trusting this company with their information and even then they had no way of knowing that this would happen.

    • Jacob Abel January 26, 2018 at 6:51 pm #

      I agree with most of your points. It seems as though the burden to protect ones information is going to fall on the individual, as companies can’t seem to do it. The bad guys, as you call them, always seem to be ahead of these companies and their defenses though. These people do deserve some sort of justice and Equifax should be punished.

  3. Jacob Abel January 26, 2018 at 6:47 pm #

    The hacking of personal data at Equifax seems to be the latest and worst case in the long line of cases in which individuals personal information was stolen. Given that this hack effected nearly 140 million Americans, it begs the question is any of our most personal information ever actually safe? The company seems to have fallen into complete incompetency given that it was warned that its serves were vulnerable and they still did not take action. It seems that no company or even our own government for that matter is safe from hackers.
    On the matter of the class action law suit, it would be a big blow to all Americans if the personal lawyers of all the victims are not able to secure a positive ruling. If Equifax is able to get by without having to seemingly answer to its clients for its massive shortcomings in security, then what kind of message does that send? While some of the top level executives from the company have appeared before Congress there is no guarantee that any positive action will come out of this. These people clearly deserve justice however as the author states fraud cases can be difficult to prove.
    Given the new reality of the large amount of vulnerability that our personal information is under in today’s age it seems that hackers can truly destroy the lives of any person. hacking a become a billion dollar industry and if these individuals can simply hack the companies that are supposed to protect our information then any other security measure seems absolutely pointless. Given that home buyers are at significant risk, then one has to ask if the other large finical institutions such as Bank of America, where people get mortgages from are at risk as well?

  4. Ryan Mack January 26, 2018 at 8:11 pm #

    Cybersecurity has been a growing field over the past decade and will continue to grow over the next. More times than we would like, data breeches or hacks at stores and financial institutions are reported in the news. The ability to open bank accounts and take out loans online has contributed to the increased rate of fraud. Many people are now afraid that putting their credit card in online subscriptions or services such as iTunes or Netflix could lead to their cards getting hacked and stolen. The issue with this is that it can get stolen anyway, as long as you have a credit card. Besides your information being with the bank, when you use your credit card in a brick and mortar store, its recorded in the store’s database. The only real solution to keeping our personal information safe in companies’ hands is for them to have the most advanced cyber security. Equifax failed to do this and they ended up losing the personal and sensitive information of 145.5 million people, almost half the population of the United States. Thieves are now opening up and charging credit cards, taking out mortgages and student loans, and filing fraudulent insurance claims in people’s names thereby destroying their financial stability and creditworthiness. Several of those seriously affected by the data breach have filed a class action lawsuit against Equifax claiming negligence in failing to upgrade protocols, and take care to not leave encryption keys on servers thus making it easier for the criminals to access. Equifax was even rated to have had poor security and been estimated that the probability of an incident was 50 percent. Plaintiffs also claimed that both federal and state laws were violated including the Fair Credit Reporting Act and the Federal Trade Commission Act among numerous state consumer protection laws. I would support the lawsuit although it could be hard to prove. People who are affected are suffering financial damage and are going through some pretty tough headaches canceling cards, freezing files and accounts and sorting out the fraudulent charges, stuff I wouldn’t want to deal with. The internet has become more than something to communicate on or play games. It has real economic effects. Criminals and cyberterrorists are constantly trying to bring down our economy and even our power grid. Cybercrime is a real threat that we face every day, though many don’t even know it, and we should be able to trust companies like Equifax to keep our information safe.

  5. Jerry Wu January 29, 2018 at 9:31 pm #

    When it comes to cybersecurity, we see as a safe haven for all our data and files on our personal devices. Over the past several years, it has continued to grow, just as the amount of data breeches and hack has continued to rise as well. The people behind these breeches have the ability to open other’s personal accounts and valuable information, which is now known as fraud. Since the number occurrences has risen, many people are now afraid to enter personal information and credit card numbers on online sources. The main issue with this situation is that no one is every safe with their personal information, no matter how much one protects it.
    The only logical solution to solve this issue is to have the most high-tech cybersecurity software, which is something that people can only dream of at this point in time, as technology continues to progress. In the case of Equifax, they have failed to secure the most personal and sensitive information of almost 150 million people, which is pretty much half of the United States population. With poor security such as this, thieves will be able to continue going about their criminal activity online, which can cause serious financial damage.
    As a threat that many people encounter every day, we should be able to trust companies such as Equifax, but not with the low amount of security that they have had.

  6. Connor Wiedeman February 1, 2018 at 9:09 am #

    Large consumer data hacks are something that is happening all too frequently in the recent years. For example: Target, eBay, Yahoo, and Equifax have all fallen victim to hackers breaking into their consumer information databases. This is absolutely a problem that we have to worry about, considering that we are potentially vulnerable to identity theft and credit card fraud after these breaches surface. The question that I am left wondering after reading this article, is what are people supposed to do once their information is taken. What is the next step for someone who is put into a situation like this? Besides jumping on board a class action law suit, people need to take precautions to protect themselves from data breaches such as the Equifax breach.
    When you sign up for accounts online with companies such as Equifax, you aren’t very worried that your information is in peril. This data breach proves that these breaches can happen to any company. It shows that no database is “completely secure”, no matter how big the company is or how much money they are making. That fact that this type of breach can happen to any company company, it makes me think that we need to do something different, something better, to protect data and servers. Perhaps hacking skills and technology are simply more developed and advanced than our knowledge of cyber defense and fire walls. This leaves us with one option, to improve on our cyber defense until we can confidently make the claim that our consumer data is actually protected.
    If people feel that they are putting themselves at risk by using services such as Equifax, eBay, and Yahoo, then they are left with a tough decision. They can either use these services while knowing their information could be at risk, or they can choose not to use these products even though they are very useful. People should not have to feel this way or make this decision, we need to find a way to better protect consumer information. The question I would like answered is why does Equifax, a credit company that holds extremely sensitive information on hundreds of millions of Americans, not have the highest most advanced cyber security system? And if it does, is it not a frightening thought that somebody was able to walk right past it and gain access to this information? With this being as big of a problem as it is, I believe that in the near future more resources and people will be allocated towards finding the answer to these cyber attacks, especially with big governments also facing problems with cyber attacks. We saw in the most recent election how cyber attacks and leaking stolen emails really shaped the election in a lot of ways and swayed many people to other sides. While this can sometimes be used to uncover scandals, it can also be used to mislead and deceive the people. Given all of the information that companies and governments store on database, you would think that developing a very strong cyber security would be a top priority.

  7. Mary Margaret Miller February 7, 2018 at 9:42 pm #

    In this case, more than fifty plaintiffs have come forward and are bringing Equifax to court over their identity being manipulated and/or stolen. Some of their customers gained a bad credit score, while others had their livelihood’s heavily impacted. Some believe this mass form of identity theft could have originated within the company being that they earned over $1.8 billion in stocks in the days that followed the breach. The trading that occurred may have had something to do with the breach, which is why the breach will be investigated further. Many of the company’s executives have also stepped down, as they refused to comment or go up against the Supreme Court to be further interrogated.
    According to an article by Dante Disparte from Forbes, Disparte claims that Equifax must and should offer compensation to those customers who were affected by the breach. Equifax claims that their customers who had their credit scores altered due to fraudulent transactions were given a “freeze on their score.” Although this is a temporary fix, Equifax must investigate all false charges that were made and offer proper compensation to each of their customers affected. Few have claimed loans have been taken out in their names, along with mortgages and other purchases. Simply putting a “freeze” on someone’s credit score is not going to do them much good. If someone who previously had a good credit score and now has one that is frozen at a low score, they will not be able to apply for a loan or mortgage. Although this may be a timely process to determine who and how many have been affected, only fifty customers affected by the breach have come forward to sue. A company of this stature should have had a higher-level security system that would have been able to detect when fraudulent transactions were occurring. Thus investigators are trying to pinpoint if this breach was from someone within the company.
    Legislators are investigating the matter at hand, and are trying to determine what type of legislation should be enacted or altered to protect the rights of a person’s personal information. Moreover, Equifax is in violation of the Federal Reporting Act, as they were not protecting the rights of their consumers from other parties in the greatest way possible. This gave hackers easy access to encrypt data from Equifax’s databases. Due to the $1.8 billion in stocks being sold after the breach, many feel there may be a correlation between the amount of stocks sold and the overall breach, which will also put the company at greater fault. This is a highly plausible cause, and the only way to official determine the truth is to be further investigated by the United States.
    Disparte, Dante. “The Equifax Breach And The Case For Digital Identity.” Forbes, Forbes Magazine,
    2 Oct. 2017,

  8. Abeeda Razack February 9, 2018 at 6:55 pm #

    Cyber security has been around since the 1900s. However, more recently, there have been increased cases of stolen card information and other confidential information. Over the past five years, we have seen numerous companies in the United States have their systems hacked as a result of poor cybersecurity practices. It is vital for companies to adapt and implement regulatory policies that protect the data of its customers. Every company should have a complete understanding of the internal and external factors which can affect the security of its data along with that of its customers. In addition, it is necessary for management to develop protocols which intertwine with the culture of the company and overall business strategy. Companies should educate their employees on warning signs, safety practices and solutions for potential invasions. At its least, management should ensure that its employees use complex unique passwords. The password method is claimed to be the weakest measure of securing information. In a recent research, Verizon found that 63% of data breaches were caused as a result of weak or stolen passwords. Companies should be aware of the various methods hackers use to gain access to personal and sensitive information. In addition to using unique and complex passwords, companies should add a two-step verification process which adds another tier to their security tower. It is extremely important for companies to keep abreast with software updates. Frequently, companies delay the process of updating existing software but such a delay affects the operations of the business in a negative manner. By delaying software updates, companies create opportunities for hackers to steal personal and confidential information. Software updates are important because they patch flaws in security software. Equifax failed to update software applications therefore, creating pathways for hackers to access data belonging to 143 million consumers. It is vital for companies to select the auto-update option in order to protect their data from being hacked. Moreover, it is important for companies to install intrusion detection tools which monitor networks for malicious activities or policy violations. An intrusion detection tool notifies the company immediately when its system is being breached. Employees should be responsible for tracking intrusion detection tools. Furthermore, companies should utilize firewall technology to protect themselves from possible data breaches. Firewalls are programs which act as barriers to keep destructive elements out of a specific network. It is similar to a physical firewall in that there are security measures put in place to prevent potential computer attacks. As cybercrime continues to climb the ladder, protectionist measures should be implemented to combat such threats. Companies need to be one step ahead of hackers in order to protect consumer data. Recently, the European Parliament agreed on the General Data Protection Regulation which protects the data of EU citizens. The purpose of this regulation is to implement a uniform data security law for all EU members. However, any company that offers goods and services to EU residents are subjected to this regulation regardless of the company’s location. The requirements of this regulation may become a stepping stone for best practices in the United States.

Leave a Reply