ShareThis Page

Equifax hit with at least 23 class-action lawsuits over massive cyberbreach

| Monday, Sept. 11, 2017, 6:45 p.m.
Equifax said it has made changes to address customer complaints since it disclosed a week earlier that it exposed vital data on about 143 million Americans. Equifax has come under fire from members of Congress, state attorneys general, and people who are getting conflicting answers about whether their information was stolen.
Equifax said it has made changes to address customer complaints since it disclosed a week earlier that it exposed vital data on about 143 million Americans. Equifax has come under fire from members of Congress, state attorneys general, and people who are getting conflicting answers about whether their information was stolen.

Equifax faces at least 23 proposed class-action lawsuits since its disclosure that personal identifying information for 143 million U.S. consumers may have been compromised by a massive cyberbreach.

And additional cases are likely to come.

Federal court records show the lawsuits were filed through the weekend after the credit-reporting giant's Thursday disclosure that a cyberattack by criminal hackers provided unauthorized access to information for nearly 44 percent of the U.S. population.

Separately, Sens. Orrin Hatch, R-Utah, and Ron Wyden, D-Oregon, respectively the chairman and ranking member of the Senate Committee on Finance, sent Equifax detailed questions about the breach on Monday.

A copy of the letter, reviewed by USA Today, shows the panel wants a detailed timeline of the breach, information about the company's efforts to identify the number of consumers affected, the breadth of information compromised and the steps Equifax has taken to identify and limit potential consumer harm.

The relatively large number of new lawsuits against Equifax that seek class-action status signal the high legal stakes over the potential for identity-theft losses by millions of Americans whose personal data was exposed.

The cases also show an eagerness by plaintiff law firms to stake swift claims on behalf of consumers who eventually might be in line for a share of either a court judgment against Equifax or a settlement by the company.

"Equifax probably injured 143 million people, which is kind of a record," said John Coffee, a Columbia Law School professor and director of the school's Center on Corporate Governance. Although the extent of the damage hasn't yet been determined, "with 143 million people it doesn't surprise me there are already 23 suits," said Coffee.

Equifax did not respond to emails seeking comment on the cases. However, the company acknowledged last week it expects costs related to the cyberattack. Shares of Equifax closed down 8.2 percent at $113.12 in Monday trading, extending Friday's nearly 13.7 percent plunge.

Unknown hackers carried out the cyberattack out from mid-May through July 2017. The resulting breach primarily involved names, Social Security numbers, birth dates, addresses, and in some cases, driver's license numbers, Equifax said last week.

The company said it discovered the intrusion on July 29, but it first disclosed the attack publicly on Sept. 7, after engaging an independent cybersecurity firm to conduct a forensic assessment and provide recommendations to toughen electronic security safeguards.

The Atlanta-based firm is one of the nation's three largest credit-reporting and monitoring firms, along with Experian and TransUnion.

Equifax organizes and analyzes data on more than 820 million consumers and more than 91 million businesses worldwide. The company's databases hold employee data submitted by more than 7,100 employers.

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.