One of the largest data breaches in US history, the credit reporting agency only revealed in September that hackers had accessed about 143 million US consumers’ names, Social Security numbers and other sensitive personal information on its servers between May and July.
Lawsuits have been filed by consumers in Georgia and Oregon and more are sure to follow. The New York Attorney General’s Office has also launched its own investigation.
The plaintiffs in the Georgia class action allege a host of injuries that they have or are likely to suffer as a direct result of the breach. These include costs associated with the detection and prevention of identity theft and unauthorized use of their financial accounts, damages arising from the inability to use their PII and access to their account funds, the loss of their privacy, and potential fraud and identify theft posed by their PII being placed in the hands of criminals.
The lawsuit was filed in Atlanta federal district court, just hours after Equifax alerted the public about the data breach, seeks statutory damages under the Fair Credit Reporting Act (FCRA). Plaintiffs are accusing Equifax of having “acted willfully and recklessly because it knew or should have known about its legal obligations regarding data security and data breaches under the FCRA.”
Consumers in the Oregon class action are claiming that at least one plaintiff had already purchased third-party credit monitoring services and requested that Equifax "provide fair compensation in an amount that will ensure every consumer harmed by its data breach will not be out-of-pocket for the costs of independent third-party credit repair and monitoring services."