In Equifax’s favor is the fact that some of these companies may decide that litigation that will draw them into the public fray in a way that is just not worth it. Indeed, any company that uses personal data to authenticate the identity of customers should now be assessing whether it can sufficiently protect against impersonators in the wake of this kind of large-scale data dump. The vast scope of the breach has companies worried about the effect the incident could have on them, and about whether it could put their own customer or employee information at risk. While consumer outrage has understandably generated most of the publicity, lenders and other corporations are quietly analyzing their Equifax contracts and assessing the potential damage to their own organizations. It’s likely that Equifax will argue that, in terms of protecting the data it collected, it did not have any obligations to the affected individuals, with whom it had no direct relationship, but rather that its obligations were only to its corporate customers.Īnd unlike in other data breaches, which have primarily led to consumer class-action suits, Equifax faces questions from its corporate customers, too. Virtually all data breach litigation has been brought by aggrieved consumers who claim they suffered harm after they gave their personally identifiable information directly to a company that got hacked. It will make getting past the pleading (or motion to dismiss) stage even more difficult for some classes of plaintiffs. That consumers in most cases do not provide this sensitive information directly to Equifax will raise a number of interesting legal questions in the class-action litigation. The breadth of the information held, and thus potentially compromised in the recent breach, is staggering. In other words, if you have ever borrowed money or been extended credit, then Equifax (along with Transunion and Experian, the other bureaus) was probably given your most sensitive personal information by a third party - information such as your date of birth, Social Security number, financial details, and credit score. It collects personal information - often without people’s direct knowledge - from credit card companies, banks, mortgage lenders, and any other entity that extends credit. Equifax is one of the three major credit bureaus in the United States. And Canadian and British regulators are commencing their own probes. Both houses of Congress are demanding information Equifax’s CEO is expected to testify in the coming weeks. It is also under investigation by the Federal Trade Commission for unfair and deceptive trade practices, the Department of Justice for insider trading, and at least 32 other state attorneys general. At the time of this writing, the credit bureau has been named in more than 50 class-action lawsuits (two were filed within hours of the announcement) and a lawsuit filed by the Massachusetts attorney general. But a couple of key facts give Equifax its own watershed moment in the sordid history of data breaches: (1) Many of the 143 million people affected may not have given their sensitive information directly to Equifax and (2) Equifax holds a special place at the core of the personal information and cybersecurity ecosystem.Įquifax finds itself in a crosshairs not seen since the 2013 Target breach the legal and regulatory repercussions are coming at record speed. It isn’t the largest (that would be the 2016 Yahoo breach, with over one billion accounts affected), the most embarrassing (Ashley Madison, the affair website), or the one that raises the most national security concerns (North Korea’s hack of Sony). We assume our personal information has been compromised in some way, take reasonable precautions like canceling a credit card or instituting credit monitoring, and move on with our lives. People have become numb to these announcements. Down the road you might read about a government inquiry or a class-action suit being settled. A major company announces it has been hacked, a brief public outcry ensues, and then… not much happens. After years of screaming headlines about data breaches, we all know the drill.
0 Comments
Leave a Reply. |