BECKLEY – A class action lawsuit has been filed against Equifax for a data breach and then failed to disclose the breach to class members.
Equifax Information Services and Equifax Consumer Services were also named as defendants in the suit.
Defendants operate together as a unified consumer reporting agency to prepare and furnish consumer reports for credit and other purposes, according to a complaint filed Sept. 28 in the U.S. District Court for the Southern District of West Virginia.
Lisa Gladwell and Sharon Morgan claim Equifax’s databases contain a treasure trove of valuable information about nearly every American adult—account numbers and payment histories, Social Security numbers, names and aliases, birthdates, addresses, employment histories and the like—that Equifax collects and sells to businesses that extend credit, loan money, sell insurance and grant employment, among numerous other activities.
The defendants obtain the largest portion of its vast store of data independently and without consumers’ consent or knowledge, according to the suit.
The plaintiffs claim in May, and likely earlier, unknown individuals electronically accessed Equifax’s databases without the defendants’ knowledge, gaining access to information about approximately 143 million Americans.
The defendants have disclosed generally that the fraudulent users procured consumers’ names, Social Security numbers, birthdates, addresses and driver’s license numbers, according to the suit. The breach lasted for months and, although Equifax knew about the security vulnerability in May, and the breach itself in July at the latest, it sat on this information until Sept. 8.
“While Equifax has revealed that the breach took place, it has been anything but transparent,” the complaint states. “It has yet to identify the specific individuals affected, reveal exactly what information was taken or learned by the hackers and when, or take any preventative steps other than to alert consumers who are able to navigate its website that they ‘may’ be affected by the breach, often with inconsistent results. For a company that traffics in electronic information of such a sensitive and specific nature, this is unacceptable.”
The plaintiffs claim they are consumers regarding whom the defendants possessed information protected by the federal Fair Credit Reporting Act, which was thereafter unlawfully procured by identity thieves between March and July. The plaintiffs assert a negligence claim for themselves and all other West Virginia consumers.
Equifax possessed significant, important financial data about them but failed to exercise the standard of care required of an entity with such “grave responsibilities” that come along with the right to store and sell such information, according to the suit.
The plaintiffs claim because of that failure, Equifax permitted unauthorized access to the plaintiffs’ and class members’ personal information, which in turn caused them to suffer not only actual harm caused by the stress of not being able to know what was accessed and how it will be used by the perpetrators of the breach, but also the risk of harm that their identities will be stolen, accounts improperly accessed, or credit injured, among other potential harms.
The plaintiffs are seeking compensatory and punitive damages. They are being represented by Elizabeth Hanes of Consumer Litigation Associates.
U.S. District Court for the Southern District of West Virginia case number: 5:17-cv-04061