Equifax, which is under the scanner since its high-profile attack, now has one more reason to worry. San Francisco has sued the credit monitoring firm for failing to protect the personal data of 15 million Californian residents. The city’s Attorney Dennis Herrera on September 26 filed the lawsuit in San Francisco Superior Court on behalf of the state residents affected.
It has been alleged that Equifax violated state law pertaining to unlawful, unfair or fraudulent business practices by:
- failing to implement and maintain reasonable security procedures
- failing to provide timely notice of the breach to affected consumers
- providing incomplete and difficult-to-understand information about the breach.
The lawsuit has demanded compensation for California consumers who purchased credit monitoring services from Equifax prior to Sept. 7, 2017, to the tune of $2,500 per violation. San Francisco becomes the first city in the U.S. to sue Equifax for compromising the personal information of 143 million consumers.
“Equifax made a bad situation worse”
Herrera said, “Equifax’s incompetence would be comical if the subject matter weren’t so serious,” while adding, “This company fell asleep at the switch and upended the lives of millions of people. The information that Equifax failed to safeguard is what people need to open a bank account, buy a home or rent an apartment. Now Californians have been put at risk of identity theft for years to come.”
Herrera also claimed that the credit reporting company discovered the massive data breach on July 29, 2017, but it alerted the consumers (some of them are based out of the U.S.) after six weeks on September 7, 2017.
“Equifax made a bad situation worse,” Herrera said while adding, “Their delay prevented more than 15 million California consumers from taking immediate action to protect themselves from the risk of identity theft and fraud.”
Amidst the turmoil, embattled Equifax gets a new CEO
Ironically, the lawsuit was filed on the same day when Equifax’s CEO Richard Smith “stepped down”, following the company’s chief security officer and chief information officer also retiring. Meanwhile, Paulino do Rego Barros Jr. has been appointed as interim chief executive as the company searches for a permanent replacement.
In an open letter titled, “On Behalf of Equifax, I’m Sorry”, published in The Wall Street Journal, Barros wrote, “On behalf of Equifax, I want to express my sincere and total apology to every consumer affected by our recent data breach. People across the country and around the world, including our friends and family members, put their trust in our company. We didn’t live up to expectations”.
While declining to comment on pending litigation, a spokesperson from Equifax told the media, “it wants to reassure consumers that we are remaining focused on helping them navigate the situation and providing the best customer support possible.”
The Department of Justice in Atlanta and the Federal Trade Commission have initiated an investigation into the massive data breach by Equifax. The credit reporting giant that faces more than 20 private breach-related lawsuits nationwide has also begun an internal investigation with FBI officials.
The breach, which reportedly took place in May to July this year, is considered serious as the data includes names, social security numbers, addresses, credit card numbers, and other financial details that could be used by criminals to steal people’s identities for financial gain.