BizTech Law Blog

Equifax or EquiFaux Pas: Updates on the Equifax Breach
In September 2017, credit reporting agency Equifax announced that personal information for over 140 million U.S. consumers was potentially compromised. Equifax’s forensic investigations have put the number closer to 145.5 million. The compromised data includes names, Social Security numbers, birth dates, addresses, driver’s license numbers and even credit card numbers. Within a matter of weeks after the breach, Equifax’s CEO, Richard Smith, announced he was stepping down. It soon became clear that Equifax’s troubles were just beginning.

Equifax initially set up a website where consumers could check whether their information had been compromised. However, the website ran into a host of issues. First, many news stories reported that the website was not giving clear responses. Second, a web developer made a fake Equifax site and Equifax linked to it. The fake site was taken down within a day. The fake site’s creator stated the purpose was to illustrate how dangerously easy it was to impersonate Equifax’s site. Third, the Equifax site initially included an arbitration clause, which forced people who used the site to waive their right to a class action lawsuit. Due to public outrage, Equifax has since removed the arbitration clause. Finally, Equifax’s site was maliciously manipulated: users of the site were redirected to download fraudulent Adobe Flash updates. When the updates were clicked, users’ computers were infected with adware. Even worse, the adware was detectable by only 3 of the 65 antivirus providers. Equifax appears to have resolved the issue and is currently placing the blame on a third-party vendor.

Days after Equifax announced the breach, Equifax was awarded a $7.25 million “taxpayer identity” contract with the Internal Revenue Service (IRS). After the malware attack, the IRS temporarily suspended the contract. Earlier this week, the Government Accountability Office (GAO) rejected Equifax’s bid.

In early October, Equifax’s former CEO, Richard Smith, formally testified before Congress. During his testimony, it came to light that the Department of Homeland Security had warned Equifax to fix any vulnerabilities in its software. Equifax failed to do so and the breach occurred later that month. Furthermore, Smith was questioned about several stock sales by high-ranking executives that occurred shortly before the breach was announced. Equifax’s stock has also been affected by the breach. Since news of the breach, Equifax’s stock is down around 23%. Equifax is under investigation by multiple authorities. The Department of Justice (DOJ) opened a criminal investigation into possible insider trading at Equifax. The Consumer Financial Protection Bureau, the Federal Trade Commission (FTC) and 35 state attorneys general, including Michigan’s Attorney General Bill Schuette, have opened inquiries into the breach. Furthermore, Equifax may be facing consumer lawsuits. The plaintiffs’ bar initiated a class action lawsuit on behalf of the affected consumers shortly after the breach was announced. More class action lawsuits are expected to arise as news about the breach continues to be revealed.

Previous posts have addressed steps consumers can take in response to the threat of identity theft. Additionally, businesses should implement and evaluate an incident response plan to avoid Equifax’s missteps.

If you have questions or concerns regarding identity theft or a breach response plan, please contact a Foster Swift Business & Corporate attorney.
