Equifax Faces $70 Billion Lawsuit
Written by Kevin L Mabry | Monthly Security Brief, Newsletter Topics, Tech News
0
Most everyone has heard something about the Latest breach of Equifax. Here is some of the latest information.
The massive Equifax data breach has already led to the filing of more than 30 lawsuits seeking class-action status. One of the lawsuits, filed in Portland, Oregon, is demanding up to $70 billion in damages. The lawsuits are just one measure of the fury generated by Equifax - one of the three biggest U.S. data brokers - revealing Thursday that it suffered a breach, beginning in May, that exposed to hackers 143 million consumers' personal details, including information that could be used to commit identity theft. In its alert issued Thursday, Equifax said that it discovered the breach July 29 and launched a website that consumers can use to see if their data was exposed. The company is offering all U.S.Seeking Justice
Numerous security watchers have called for Equifax to publicly atone for the breach - and do so quickly - and have called on anyone who has a choice of data brokers to immediately stop working with Equifax. Some also want to see Equifax CEO Richard Smith ousted. "Smith should resign. If he does not, his board should fire him," says information security expert William Hugh Murray, who's a senior lecturer at the Naval Postgraduate School. Three other Equifax executives sold stock in the company after it learned of the breach, but before it issued a public notification (see Equifax Breach: 8 Takeaways). The U.S. Securities and Exchange Commission declined to comment to ISMG about whether it will investigate the timing of those stock sales. Equifax has released a statement saying that the executives - including its chief financial officer - had been unaware that the breach had occurred when they sold shares. Murray, meanwhile, recommends the three "resign and flee the country before the Feds come after them for insider trading." And for good measure, he adds, "the CISO should update his resume." As ISMG has previously reported, however, that job position was, until recently, being advertised as vacant.Lawsuit Seeks Up to $70 Billion
Equifax already faces multiple lawsuits over the breach, including one filed in Oregon by Mary McHill from Portland and Brook Reinhard from Eugene. Their lawsuit seeks class-action status on behalf of everyone affected by the breach and demands damages of as much as $70 billion. It was filed by law firm Olsen Daines PC, together with Geragos & Geragos, which Bloomberg reports is a law firm known for launching splashy, high-octane class actions. "This complaint requests Equifax provide fair compensation in an amount that will ensure every consumer harmed by its data breach will not be out-of-pocket for the costs of independent third-party credit repair and monitoring services," according to the complaint. Reinhard, for example, says that he spent $19.95 to buy "third-party credit monitoring services he otherwise would not have had to pay for." The lawsuit also alleges that Equifax failed to invest sufficiently in its information security program. "In an attempt to increase profits, Equifax negligently failed to maintain adequate technological safeguards to protect [individuals'] information from unauthorized access by hackers," according to the complaint. "Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach. Equifax could have and should have substantially increased the amount of money it spent to protect against cyberattacks but chose not to." Many breach-related lawsuits, however, have failed, with the cases often being dismissed because plaintiffs failed to prove they suffered unreimbursed financial losses (see Why So Many Data Breach Lawsuits Fail).
Leave a Comment