Equifax Data Breach

NOTE: This case has not reached any result as it is still in the earliest stages. However, given the national and local interest in the case, we have provided the initial case profile below. For those interested in learning more directly from us, please read our “FAQs for Interested Clients” at the bottom of the page. Please check back frequently, as we will continue to provide updates by way of this webpage.

In September 2017, Ms. Fleming and co-counsel filed a national class action complaint against Equifax in U.S. District Court Western District of Washington at Seattle.  The three named plaintiffs are residents of Washington and include a small business owner.

UPDATE: Currently, her case is consolidated with other class actions around the country against Equifax for its massive September 2017 data breach in the Northern District of Georgia.The Multi-District Litigation (MDL) IN RE: EQUIFAX, INC., Customer Data Security Breach Litigation is currently at the earliest stages. The initial, Amended Complaint was filed in May 2018. Judge Thrash presides over this MDL, Case Number:1:17-md-02800-TWT.

If you have experienced identity theft and believe that it was likely the result of the Equifax breach, please contact us at Equifax@CFlemingLaw.com. (NOTE: Catherine Fleming is now at this firm.)

Confused about “freeze” versus “lock” options? Please read Catherine Fleming’s recent blog post.

In September 2017, Ms. Fleming and co-counsel filed a national class action complaint against Equifax in U.S. District Court Western District of Washington at Seattle.  The three named plaintiffs are residents of Washington and include a small business owner.

Here are some main takeaways of our lawsuit:

  • Equifax’s post announcement conduct was amateur hour at its best, and profiteering at its worst.
    1. Amateur response – From its sloppy website (using stock installation of WordPress) without proper security measures (a TSL certificate doesn’t perform proper revocation checks), website visitors were asked to submit six digits of their SSN (an imprudent practice, especially given the hasty manner in which EquifaxSecurity2017.com was erected). Frustrated consumers/business owners could not get through via calling. Days later, no one we have spoken to has clear confirmation that their data was compromised.
    2. Profiteering – Post breach, Equifax has offered its “complimentary” identity theft protection, which will expire after one year.*  No one should feel safe about this breach after one year. Typically, bad actors hold onto Personally Identifiable Information for a period of time with the intent of escaping the breach victim’s attention.
      • Equifax’s identity protection is via its own wholly owned subsidiary, TrustedID, which typically charges around $125/year or about $20/month.
      • Equifax’ offer will generate millions of “leads” for TrustedID to renew plans that will increase Equifax’s profits.
  • Small business owners are also at risk and are in a more vulnerable position than larger businesses.
  • Green card holders have worked hard to establish credit in this country. Countless numbers of green card holders in our state have also suffered harm because of Equifax’ negligence.
  • Plaintiffs have experienced identity theft and are correct to recognize that the Equifax breach gives rise to a greater set of issues to those who need credit in some form, including individuals and business owners with mortgages, auto loans, and leased equipment.
  • Regardless of whether your information was exposed, U.S. consumers and Equifax business customers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll, after you enter the requested information. Write down the date and come back to the site and click “Enroll” on that date. You have until November 21, 2017 to enroll. NOTE: We have issues with the unresolved ambiguities regarding a potential waiver of rights that Equifax claims does not apply to the 2017 breach. Any arbitration clause/class action ban may only apply in specific contexts related to Equifax’s credit file monitoring.
  • You also can access Equifax’s frequently asked questions at the data breach incident response site (warning: prepare yourself for corporate double-speak and over-vague responses).

Here are some other steps to take to help protect yourself after a data breach (as recommended by the FTC):

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Frequently Asked Questions for Interested Potential Clients:

  • How do I “sign up” as a client? Please use the contact form below with your first and last name, your email address, and any phone number that you want us to use to contact you. Please also include your physical mailing address. Please note that the First Amended Complaint was filed in the Northern District of Georgia.
  • Do I have to join your class action if I want to hold Equifax accountable? No, other class representatives have already signed on with us, which allow us to move forward on behalf of the entire class.
  • How about those sites that allow me to “automatically” sue via a bot? Those “lawsuits” are not an effective way to hold Equifax accountable. These small claims lawsuits will not actually resolve systemic illegal conduct against many millions of people.
  • Is it ok if I sign up for Equifax’s “free” credit file monitoring?  We think it’s useless, in light of the many clients we’ve talked to. According to ex-CEO Richard Smith, by signing up for the offered monitoring/protection, you do not waive your right to sue Equifax for the cybersecurity incident. However, be aware that the complimentary period expires in 12 months and you should then expect to find offers to renew with TrustedId for a cost (typically $20/month).