The Equifax Data Breach Lawsuit
Following the data breach scandal that left millions of credit and identity records vulnerable, the lead plaintiff in the Equifax data breach lawsuit filed suit against the Company. In this article, we’ll look at what the lawsuit focuses on the Company’s “dangerously deficient” cybersecurity, the deceptive marketing tactics it used to entice consumers with a free credit monitoring offer, and the failure of the Company to notify victims of the data breach.
Equifax data breach lawsuit settles
In July of 2019, the Federal Trade Commission announced that Equifax had agreed to settle a class-action lawsuit relating to a massive data breach that exposed the personal information of 147 million Americans. While the company did not admit or deny wrongdoing, it was still liable for the data breach. Nonetheless, the company settled and extended free credit monitoring to victims and the affected population. Listed below are some of the benefits that are included in the settlement.
As part of the settlement, Equifax agreed to pay $300 million to $425 million in damages, as well as $125 million to create a supplemental fund to reimburse consumers for the out-of-pocket expenses associated with the data breach. The money will also cover the cost of freezing and monitoring credit as a result of the breach. The agreement is the latest development in a massive legal battle between the companies. The Equifax data breach lawsuit has been causing a lot of controversies, but the recent settlement will bring relief to affected consumers.
Equifax’s cybersecurity was “dangerously deficient”
The report found that Equifax’s cyber protections were “dangerous deficient” and its systems and practices were ill-equipped to prevent data breaches. In addition to not having an adequate cybersecurity regime, Equifax failed to encrypt personal information in its custody. That means that any cyber attacker who was able to gain access to this data could see any private information in its database.
Plaintiff argues that the statements made by the Defendants were false or misleading and that they had not closely monitored the company’s cybersecurity and systems. The Defendants argue that Plaintiff failed to show that they were aware of cybersecurity deficiencies and that the only evidence Plaintiff has is the alleged criminal attack against Equifax. However, the Defendants’ statements about cybersecurity are too general to establish that the Defendants knew of the weaknesses. Rather, it is more likely that the Individual Defendants were negligent in failing to follow proper cybersecurity and data security procedures.
The company deceived consumers with a “free” credit monitoring offer
The recent breach of Equifax’s data has led to a massive consumer backlash, and now, the company has agreed to compensate victims of the breach with up to $700 million. The settlement would include up to $425 million in monetary relief for consumers, and $100 million in civil money penalties. Before the Equifax settlement can go into effect, the U.S. District Court in Atlanta must approve the terms of the settlement.
The Chicago complaint alleges that Equifax misled consumers into signing up for a subscription service by falsely advertising free credit score reports and other credit-related products. Once consumers signed up, they were automatically enrolled in a subscription program and charged recurring fees of $16 or more per month. This billing structure, known as the “negative option,” violated the Fair Credit Reporting Act, which requires credit reporting agencies to provide a free credit report to consumers once every 12 months.
Company’s failure to tell consumers about the data breach
A lawsuit claiming that Equifax failed to properly notify consumers about a data breach could be filed under the Fair Credit Reporting Act (FCRA). The act prohibits companies from deceiving their customers, so failing to tell consumers about a data breach is negligence per se. But failure to protect consumer information can amount to unfair competition in commerce. Therefore, a plaintiff must establish that the company’s failure to notify consumers about a data breach was foreseeable.
A recent investigation by the Federal Trade Commission and the Department of Justice suggests that Equifax failed to properly inform consumers about the data breach, and the company may be held to a higher standard than the FTC or the Department of Justice. Nonetheless, plaintiffs may be able to leverage the privacy concerns of large companies to leverage Equifax’s failure to warn consumers. However, they may face difficulty proving that they have suffered a loss as a result of the breach, and their lawsuit may be dismissed if the plaintiffs fail to meet the legal standard for standing.
Company’s failure to upgrade its technology
A pending class-action lawsuit against Equifax claims the company failed to properly upgrade its technology, leading to multiple breaches of sensitive consumer data. Hill accuses Equifax of ignoring security updates and delaying investment in new systems. The company accumulated outdated systems, which contributed to previous data breaches. Moreover, it took the company’s leadership too long to respond to reports of software flaws.
The Equifax breach exposed millions of personal information. The breach exposed names, social security numbers, physical addresses, and other information. As a result, the personal information of 145.5 million people could have been stolen. Those who were affected can file a lawsuit against the company to seek damages for identity theft and other fraud. This lawsuit is intended to encourage companies to upgrade their technology. But what should Equifax do?