Equifax hit with at least 23 class-action lawsuits over massive cyberbreach
Equifax faces at least 23 proposed class-action lawsuits since its disclosure that personal identifying information for 143 million U.S. consumers may have been compromised by a massive cyberbreach.
And additional cases are likely to come.
Federal court records show the lawsuits were filed through the weekend after the credit-reporting giant's Thursday disclosure that a cyberattack by criminal hackers provided unauthorized access to information for nearly 44 percent of the U.S. population.
Separately, Sens. Orrin Hatch, R-Utah, and Ron Wyden, D-Oregon, respectively the chairman and ranking member of the Senate Committee on Finance, sent Equifax detailed questions about the breach on Monday.
A copy of the letter, reviewed by USA Today, shows the panel wants a detailed timeline of the breach, information about the company's efforts to identify the number of consumers affected, the breadth of information compromised and the steps Equifax has taken to identify and limit potential consumer harm.
The relatively large number of new lawsuits against Equifax that seek class-action status signal the high legal stakes over the potential for identity-theft losses by millions of Americans whose personal data was exposed.
The cases also show an eagerness by plaintiff law firms to stake swift claims on behalf of consumers who eventually might be in line for a share of either a court judgment against Equifax or a settlement by the company.
"Equifax probably injured 143 million people, which is kind of a record," said John Coffee, a Columbia Law School professor and director of the school's Center on Corporate Governance. Although the extent of the damage hasn't yet been determined, "with 143 million people it doesn't surprise me there are already 23 suits," said Coffee.
Equifax did not respond to emails seeking comment on the cases. However, the company acknowledged last week it expects costs related to the cyberattack. Shares of Equifax closed down 8.2 percent at $113.12 in Monday trading, extending Friday's nearly 13.7 percent plunge.
Unknown hackers carried out the cyberattack out from mid-May through July 2017. The resulting breach primarily involved names, Social Security numbers, birth dates, addresses, and in some cases, driver's license numbers, Equifax said last week.
The company said it discovered the intrusion on July 29, but it first disclosed the attack publicly on Sept. 7, after engaging an independent cybersecurity firm to conduct a forensic assessment and provide recommendations to toughen electronic security safeguards.
The Atlanta-based firm is one of the nation's three largest credit-reporting and monitoring firms, along with Experian and TransUnion.
Equifax organizes and analyzes data on more than 820 million consumers and more than 91 million businesses worldwide. The company's databases hold employee data submitted by more than 7,100 employers.