Security

Surprising nobody, lawyers line up to sue the crap out of Equifax

Class actions already piling up against identity theft brokers

By Shaun Nichols in San Francisco

52 SHARE

Less than 24 hours after credit monitors Equifax revealed it had lost the personal data of more than 130 million Americans, two class action suits have been filed.

The suits, separately filed in the Portland, Oregon and North Georgia US District Courts, accuse the credit reporting company of negligence and violations of the US Fair Credit Reporting Act.

Both reference yesterday's disclosure from Equifax that it managed to lose personally identifiable information like social security and credit card numbers when an outside attacker was able to slurp data through a vulnerable web application.

Now, lawyers are lining up to make sure that those who have been exposed in the leak can claim a share of the payout.

The Oregon complaint [PDF] will reportedly seek as much as $70bn in damages for residents of that state alone.

"The exact number of aggrieved consumers in Oregon can be determined based on Equifax's consumer database, estimated at 2,860,000 consumers – about half the population of Oregon," attorneys representing the class argue.

Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone

READ MORE

Meanwhile, the complaint in North Georgia [PDF] has the potential to be even bigger, as the district is home to Equifax's main headquarters in Atlanta. That suit seeks damages not only for negligence, but also for violations of federal and state credit reporting laws.

"Equifax had the resources to prevent a breach, but neglected to adequately invest in data security, despite the growing number of well-publicized data breaches," the complaint reads.

"Had Equifax remedied the deficiencies in its data security systems, followed security guidelines, and adopted security measures recommended by experts in the field, Equifax would have prevented the Data Breach and, ultimately, the theft of its customers' PII."

And if you're convinced things can't get any worse for Equifax, well, just go and check the fine print on the site they have set up to let Americans check if their details were exposed in the leak. The Terms and Conditions would bar users from suing the company.

That caught the attention of New York Attorney General John Schneiderman.

Wall Street isn't particularly thrilled with Equifax either. As of mid-day Friday, the company's stock was down nearly 14 per cent. ®

Sign up to our NewsletterGet IT in your inbox daily

52 Comments

More from The Register

US govt accuses four Chinese army soldiers of hacking Equifax and siphoning 145m Americans' personal info

It was a state-sponsored attack, declares US Attorney General

Tech security at Equifax was so diabolical, senators want to pass US laws making its incompetence illegal

Now Homeland Security committee sticks the boot in

Arrested development: Cops dump Amazon's facial-recognition API after struggling to make the thing work properly

15 months of wrangling and Orlando couldn't even begin testing AI cloud tech for population surveillance

Equifax to world+dog: If we give you this $700m, can you pleeeeease stop suing us about that mega-hack thing?

US senator dismisses cop-out, suggests jail time for execs

We dunno what's worse: Hackers ransacked Citrix for FIVE months, or that Equifax was picked to help mop up the mess

Hardly reassuring on any level

Equifax is going to make you work for that 125 bucks it owes each of you: Biz sneaks out Friday night rule change

Millions likely to get kicked into credit monitoring deal

Quick, get the popcorn: Amazon Web Services says Microsoft's benchmarks for Azure are a load of stripe

Fight! Fight! Fight!

If you want an example of how user concerns do not drive software development, check out this Google-backed API

Comment App detection interface sparks privacy worries

And if you turn to your left, you can see the walls of Amazon Web Services' vast server farm. And next to it, a gift shop and visitor center

We'll stop here so you can browse the shelves for books and toys

Put on your tech specs: Amazon Web Services has joined the Java Community Process

Latest Java-friendly move after Amazon's Corretto OpenJDK distro

Whitepapers

Reduce Redis Enterprise Deployment Cost, Complexity with Intel® Optane™ DC Persistent Memory

Intel and Redis Labs have prepared this kit to help you reduce Redis Enterprise deployments cost and complexity with 2nd Generation Intel® Xeon® Scalable processors and Intel® Optane™ DC persistent memory.

How to Fortify Your Organization’s Last Layer of Security – Your Employees

People impact security outcomes, much more often than any technology, policy or process.

Who Needs Malware?

Learn how fileless techniques work and why they present such a complex challenge.

Detecting cyber attacks as a small to medium business

If security by obscurity is no longer an option, and inaction is a risk in itself, what can smaller enterprises do to protect themselves? Endpoint Detection and Response (EDR) solutions can go a long way towards minimising the level of threat, but they need to be chosen and used in the right way.