Equifax Faces Bumpy Legal Terrain as Consumer Suits Mount
14 September 2017 - 9:16AM
Dow Jones News
By Jacob Gershman
Credit-reporting company Equifax Inc., which last week suffered
a massive data breach, could face a tougher challenge in court than
other corporate giants that have dealt with the legal fallout of
data breaches, according to legal experts.
Unlike earlier retailer hacks, such as those suffered by Home
Depot Inc. and Target Corp., the Equifax breach is bigger in scope,
potentially compromising the personal information -- including
Social Security and driver's license numbers -- of roughly 143
million U.S. consumers.
The legal terrain, meanwhile, has become bumpier for hacking
defendants. A few years ago, consumer litigation over data breaches
had trouble even getting onto the docket. But as the number of
hacking cases rises, judges have been increasingly willing to let
data-breach plaintiffs have their day in court.
"Five or six years ago, it was much easier to simply get
lawsuits dismissed," said Amy Mushahwar, a data-privacy and
security attorney at Davis Wright Tremaine LLP in Washington,
D.C.
Since Equifax disclosed last Thursday that hackers had gained
access to some of its systems, more than 100 lawsuits have been
filed in federal courts across the country, according to a review
by The Wall Street Journal.
"Equifax's only job in life was to safeguard data," said Marc
Dann, whose Ohio law firm and co-counsel have brought lawsuits
against Equifax in at least seven states.
Finding aggrieved plaintiffs didn't take a lot of searching, Mr.
Dann said. "I couldn't take out the garbage without someone asking
me to represent them in this case," he said.
An Equifax spokesman didn't respond to a request for comment.
The company said last week that it is offering free identity-theft
protection and credit-monitoring to U.S. consumers. "We pride
ourselves on being a leader in managing and protecting data, and we
are conducting a thorough review of our overall security
operations," Equifax Chief Executive Richard Smith said last
week.
Many of the Equifax lawsuits allege the company was a negligent
custodian of personal data that millions rely on to establish their
identity and creditworthiness.
Most of the complaints bring their claims under the Fair Credit
Reporting Act, a 1970 federal law that imposes data-security
requirements on consumer-reporting firms. The FCRA gives consumers
rights to access their credit and ensure their credit file is
accurate. The law offers per-violation damages that could be easier
to prove than actual damages, but is little tested in the area of
data-breach litigation.
Until recently, courts have generally declined to hear
data-breach lawsuits trying to hold a company responsible for the
havoc wrought by hackers. The reason: Plaintiffs in federal court
generally must allege they suffered a concrete injury and that the
injury can be redressed.
But more courts are warming to the idea that even the threat of
identity theft -- and the aggravation, distress and cost of
containing the risk -- can cause harm.
Last month, the U.S. Court of Appeals for the District of
Columbia Circuit overturned the dismissal of a lawsuit against
health insurer CareFirst BlueCross BlueShield over a 2015 data
breach. The appellate judges disagreed with a lower court finding
that the injury claims were too speculative.
CareFirst said it plans to ask the U.S. Supreme Court to take up
the issue. The company's lawyers stated in their filing that they
want the justices to "guide courts in sorting out the claims of
truly injured victims of data breaches from those who file class
actions without being able to allege that any harm is real."
The breadth of the Equifax breach could make it harder for the
credit-reporting company to either win the cases in court or settle
them cheaply, say legal experts.
When credit- or debit-card information is compromised, as in
data breaches at Target and Home Depot, consumers could minimize
the risk of identity theft or fraud by getting new cards and
enrolling in credit-monitoring services.
With Equifax, hackers gained access to servers containing
customers' names, social-security numbers, birth dates and
addresses. The exposure of that personal information, which
consumers use to apply for credit cards or to take out loans,
raises the specter of a longer-term privacy threat that could
encourage plaintiffs to push further into the discovery process
instead of settling early, said Craig Newman, a cybersecurity
lawyer at Patterson Belknap Webb & Tyler LLP.
(END) Dow Jones Newswires
September 13, 2017 19:01 ET (23:01 GMT)
Copyright (c) 2017 Dow Jones & Company, Inc.
Equifax (NYSE:EFX)
Historical Stock Chart
From Mar 2024 to Apr 2024
Equifax (NYSE:EFX)
Historical Stock Chart
From Apr 2023 to Apr 2024