If you believe that your personal information was released to hackers and potential criminals as a result of the Equifax data breach, you may have a legal claim against the company. This is especially true if you have been a victim of identity theft in the last few months since the breach occurred.
Our firm has filed a lawsuit against Equifax seeking class action status in Atlanta, the company’s headquarters. We have asserted claims of negligence and a violation of the Georgia Fair Business Practices Act against the company. We are representing consumers in Georgia and across the country who have already been harmed by Equifax’s lack of adequate security measures.
When criminal hackers exposed a flaw in Equifax’s cyber security network, they gained access to the personal and financial information of 143 million Americans. Names, birth dates, addresses, Social Security numbers, driver’s licenses and over 209,000 credit card numbers were stolen.
The data breach affected 44% of the population, so there is a good chance that your information has been compromised. Worse, you may still be vulnerable to damages arising from the breach. Equifax’s response has been underwhelming, to say the least. Not only did Equifax delay disclosing the breach to consumers for nearly six weeks, during which their executives sold $1.8 million in stock, but the website Equifax set up to help consumers respond to the breach lacked standard security features. The website, equifaxsecurity2017.com, requires that consumers enter their last name and last six digits of their Social Security number to find out whether they were affected by the breach. Essentially, Equifax put U.S. consumers in jeopardy and is now asking them to trust the company again with their private information.
Fortunately, consumers do not have to rely on Equifax to make them whole, as the courts exist to provide consumers an independent avenue for relief. In the recent past, consumers have vindicated their rights in court after corporate mismanagement resulted in the theft of consumer information.
For example, cyber-attacks against Target and Home Depot in 2013 and 2014, respectively, gave hackers access to millions of addresses, phone numbers, and credit card numbers. In class action suits against Target and Home Depot, consumer forced those corporations to pay tens of millions of dollars in damages, and millions more to improve their security measures. Consumers in those cases charged the corporations with negligence, arguing that Target and Home Depot’s negligent handling of consumer information gave hackers a ripe opportunity to breach their cyber networks.
Consumers affected by the Equifax breach can also raise a negligence claim against Equifax. Because Equifax’s business involves handling the sensitive consumer information of hundreds of millions of Americans, the agency has a legal duty to protect that information and take reasonable steps to prevent foreseeable theft of that information. This is especially important for a credit reporting agency to do because consumers often have no idea what personal and financial information credit reporting agencies possess. In this case, hackers exploited a vulnerability in Equifax’s website to gain access to private consumer information. That, and frequent cyber-attacks against credit reporting agencies, is strong evidence that Equifax failed to take appropriate steps to protect consumers. The breach of their legal duty makes Equifax liable to all those consumers affected by the breach.
However, negligence is not the only claim available to affected consumers. What makes this case distinct is the very nature of Equifax—one of the three major credit reporting agencies in the country. As a credit reporting agency, Equifax obtains personal and financial information about U.S. consumers from a variety of sources in order to provide credit reports. As such, Equifax is regulated by the Fair Credit Reporting Act, a federal act requiring that credit reporting agencies provide accurate reports and protect the sensitive consumer information they possess. The FCRA requires that credit reporting agencies follow “reasonable procedures” to protect the confidentiality of consumers. Under the statute, a credit reporting agency’s violation of the FCRA gives affected consumers a claim to bring against non-compliant agencies.
Additionally, most states have similar laws on the books, and Georgia consumers impacted by the Equifax breach can file a claim under federal law or the Georgia Fair Business Practices Act. The GFBPA prohibits deceptive or unfair practices and requires that corporations protect individuals’ consumer information from disclosure, which Equifax clearly failed to do.
No amount of damages can restore our lost confidence, but consumers may be able to recover for damages arising from the theft of their information and pressure Equifax and other credit reporting agencies to increase their cyber security measures. As companies increase their use of technology to store private consumer data, breaches like this will become more prevalent. Therefore, it is more important than ever that consumers know what remedies are available to them and that they have their day in court.
If you think you may be a victim of identity theft because of this data breach, contact us to learn more about your legal rights.
Page Pate is an accomplished trial lawyer with over 25 years of experience in criminal defense, civil litigation, and whistleblower representation. Page is listed in The Best Lawyers in America, Top 100 Lawyers by The National Trial Lawyers, and named to the list of Super Lawyers for the past 15 consecutive years. Page is a frequent expert legal analyst for local and national media and has served as an Adjunct Professor at the University of Georgia Law School. Read Page’s reviews on AVVO. Follow Page on Twitter @pagepate and on Linkedin.