The Equifax Data Breach: What You Can Do about the Hack
By now you probably know all about the egregious Equifax hack that affects over 145 million Americans, half of the people of legal age in the United States, but you may not know your legal rights. There is a more than likely chance that your most sensitive information – the same information you strive to keep from identity thieves – has fallen into the wrong hands. Just because you are no longer reading about the Equifax breach every day does not mean the danger is over. Once information such as your social security number is out there, it stays out there. Criminals could be selling it on the ‘dark web’ to other criminals for years to come. In addition to stealing identity and financial information, the criminals stole credit card numbers of 209,000 people and personal identifying information of 182,000 people with credit reporting disputes.
Recap of the Equifax Data Breach Crisis
Equifax, TransUnion and Experian are credit reporting firms that gather your most sensitive financial and identity information and sell it to banks, lender, retailers and really any institution that wants to verify your credit and your identity. They do this without your permission. Information includes your credit history, social security number, driver’s license number, addresses, and birth date among other things.
Equifax discovered the breach July 29, 2017, even though it began in May of that year. Equifax waited more than a month before revealing the hack on September 7, 2017. Knowing about the breach, but before the breach was made public, three Equifax executives sold $1.8 million in Equifax shares on August 1 and 2 of 2017. Needless to say, this raised questions of SEC violations on top of everything.
The breach would have been completely preventable with the most basic of security measures. Equifax failed to install a server software patch that was released the same day as a version release on March 7, 2017. This is what enabled criminals to steal the private data of half the adults in the country a full two months later.
What You Can Do about the Equifax Breach
You would think given its negligence, that Equifax executives would have informed those who were affected by the breach so they could protect themselves. They haven’t. Equifax ignored the 143 million people whose private information was stolen, and only contacted the 209,000 people whose credit card numbers were taken and the 182,000 whose credit history report records were revealed. To find out if your sensitive information was stolen, you can go to a website Equifax has set up at https://www.equifaxsecurity2017.com/. Even after setting that site up, for a year, Equifax redirected people from that site to one that offered free monitoring of their Equifax credit information for a year. Consumers had until November 21 to sign up. However, the fine print said that users could not go to court and had to use arbitration to settle disputes. Due to public outrage over this attempt to further strip consumers of their rights, Equifax then permitted consumers to opt out of the arbitration clause in writing and within 30 days. Although Equifax later claimed the arbitration clause only applied to the free credit monitoring and not the security breach, it is unclear whether that was true.
For monitoring to be effective, you really need to sign up for credit monitoring service for all three of the big credit reporting agencies: Equifax, TransUnion and Experian. Of course, it won’t be free.
Freeze Your Credit Files
Monitoring your credit is only going to inform you that criminals are using your information after the damage has been done. It’s far more effective to freeze your credit files with all three of the big agencies. Freezing your credit files stops the agencies from giving a credit report to any company except those where you are already a customer. You’ll have to pay for that, however, even at Equifax. If you want a lender to have your information, then you will need to go through the time and expense of unfreezing your files.
Get Fraud Alerts
You can get fraud alerts from all three of the big credit agencies for free.
Can I Sue Equifax?
The answer to whether you can sue Equifax is “yes, but the outcome is uncertain.” If you sue Equifax alone, it could be quite expensive. If you join a class action suit, the expenses of the lawsuit will be spread out over many other plaintiffs (i.e., many other people who have also filed lawsuits), but you could get less compensation if you win. Over 240 class action lawsuits were filed from the time the breach was announced until September 30, 2017. The Massachusetts Attorney General has filed suit against Equifax on behalf of three million residents of the state. San Francisco is the first city to sue Equifax on behalf of some affected consumers. San Francisco has asserted that Equifax violated California law by failing to implement reasonable security measures and not providing timely notice of the breach.
The Senate voted on October 24 on a bill that passed the House in July to strike 82 FR 33210, a federal rule covering arbitration agreements. The rule in question was entered into the Federal Register by the Bureau of Consumer Financial Protection in July. Its purpose was to stop financial companies from preventing consumers from suing in class action suits through the use of binding arbitration clauses. This law covered just the kind of arbitration clause that Equifax used for consumers who were sent to the free monitoring service when they tried to check if they were victims of the breach. Because Equifax has voluntarily limited the scope of its arbitration terms, it is as yet unclear how striking this law down impacts lawsuits against Equifax. Equifax claims the action will not stop consumers from suing over the security breach.
How Can Equifax Be Allowed to Stay in Business?
Equifax is being investigated by federal government entities and 40 states. But as it happens, Equifax is incorporated in Georgia. It is possible for the Georgia Attorney General to file a lawsuit to dissolve a corporation if it “has continued to exceed or abuse the authority conferred upon it by law.” When a company builds and maintains databases of sensitive financial information without the permission of the people involved and then negligently and recklessly leaves that information open to thieves, dissolving the Equifax corporation may be something the Georgia Attorney General wishes to consider.
Consult with a Georgia Attorney
If you feel your private data has been compromised, we at Butler Tobin would be happy to advise you of your options. Don’t hesitate to call us for a consultation.