Surprising nobody, lawyers line up to sue the crap out of Equifax

Less than 24 hours after credit monitors Equifax revealed it had lost the personal data of more than 130 million Americans, two class action suits have been filed. The suits, separately filed in the Portland, Oregon and North Georgia US District Courts, accuse the credit reporting company of negligence and violations of the US …

  1. CAPS LOCK Silver badge

    Great news if you're a...

    ... Mercedes dealer.

    1. Anonymous Coward

      Re: Great news if you're a...

      Sorry, but you're going to see a judge quash that. But that's another story. Judges have started to push back on class actions which only enrich the lawyers but do nothing for the harmed party.

      I suspect at the end of this, Equifax will start to freeze customers' credit reports and only release them when supplied with a 4 digit pin or some two factor authentication.

      The larger issue is that there has to be an audit of their entire IT operations. The problem with most of these financial companies is that they choose the lowest cost provider and have off shored their IT operations.

      Mistakes happen, sure, however, when dealing with PII and PCI compliance and other regs, extra care has to happen and security has to be high on the list.

      One can only hope that Business Schools start teaching their MBA students that offshoring is not a good idea. In the IT industry, not all CS programs are the same. Assuming that the developer or Ops guy has any IT related degree in the first place.

      Posted Anon because I'm not PC.

      1. Anonymous Coward

        Re: Great news if you're a...

        "The problem with most of these financial companies is that they choose the lowest cost provider and have off shored their IT operations."

        No, the problem with these companies is that their primary business is making consumers' private financial data accessible to anyone who wants it.

        So when a hacker stumbles into their system, the data packages are already nicely gift wrapped for them.

        The laws are going to have to change so that only the consumer can approve a release of information, and only ever on an individual basis, never as part of a large, amorphous class of consumers.

  2. HellDeskJockey

    You heard it here first department. Customers will get a year of free credit monitoring. The lawyers will get 1 billion $USD for ummm "fees" or something. I've been in too many class action suits; I just toss them with the rest of the junk mail now. Unless they are offering real money.

    1. Anonymous Coward

      "Customers will get a year of free credit monitoring"

      As long as they hand over all their personal information and agree to a clause excluding them from any class actions.

      Aren't corporations lovely?

      1. John Brown (no body) Silver badge

        Even in "contract is king" USA, those T&Cs have to be illegal, ie an "unfair contract" since you can only check if you are affected by agreeing not to sue if you are affected. Here in the UK (and probably most of the EU), any attempt to defend those T&Cs would be laughed out of court because your only choice is to do nothing and possibly be a crime victim, or accept the onerous terms. That's pretty much the textbook definition of an unfair contract. Especially since a lot of the people affected are not actually customers.

        I've personally had no dealings whatsoever with Equifax, but that doesn't mean that they don't have PII records of me and my right to sue trumps their right to not tell me if they lost data related to me with onerous conditions.

      2. Ian Michael Gumby Silver badge
        Boffin

        @AC

        You can do the following:

        1) Pay $10 per credit bureau and 'freeze' your credit reporting. (Meaning no one can pull a credit report without your approval)

        2) Join the class action.

        There are a couple of ways they can easily improve security. It may mean removing a source of revenue.

        The PCI compliance rules need to be updated. However depending on how the systems were breached, the company could have already been out of compliance.

        1. Paul Hovnanian Silver badge

          Re: @AC

          "1) Pay $10 per credit bureau and 'freeze' your credit reporting. (Meaning no one can pull a credit report without your approval)"

          This is done on a per agency basis. So you'll need to lock Equifax, Experian and TransUnion records individually. But then never unlock your Equifax account. If a bank or lender wants your credit info, tell them to use one of the other two. Or take your business elsewhere.

      3. elDog Silver badge

        ... Wait - Aren't people corporations also? Or did I misread that F'd up SCOTUS decision?

        Have to add some gratuitous commentary here, although the facts of the matter are clear to any rational being.

        Of course they aren't obvious to any legal parasites making $$$$s on the backs of real people.

        Of course these parasites aren't reading these comments except to figure out how to suck more money out of the non-corporatists.

        Sucks being a lawyer.

  3. John Crisp

    Insider trading?

    Who is going to sue the directors who dumped shares after they knew about the hack, and before that knowledge was made public?

    Should have every cent they own stripped from them. And their credit ratings set to -9999 for the rest of their lives.

    1. psychonaut

      Re: Insider trading?

      maybe -666 would be better

    2. Anonymous Coward

      Re: Insider trading?

      Don't forget all those short selling the stocks.

    3. Blake St. Claire

      Re: Insider trading?

      I think a number in the low 300s would be sufficient. (Just ask anyone with a 500 score how hard it is to get credit. Hint: next to impossible.)

      A lifetime limited to _one_ "secured" credit card with a $250 limit. A checking account (you lot call it a current account) with a balance of $437.73 with $20 per month in fees. And a 1986 Ford Fiesta with 300K miles on it that burns oil and needs a clutch.

      I presume you lot on your side of the pond are familiar with what a secured credit card is.

      1. Anonymous Coward

        Re: Insider trading?

        "I presume you lot on your side of the pond are familiar with what a secured credit card is."

        Nope. I'm assuming for now it's some kind of pre-loaded, no-credit card?

      2. gerdesj Silver badge

        Re: Insider trading?

        "I presume you lot on your side of the pond are familiar with what a secured credit card is."

        Nope but I would guess that you have to lodge the equivalent of the credit limit beforehand or something similar.

        Please don't knock the Mk 1 Fester - my first car. To be honest I doubt it is possible to get 300k miles on one. Mine fell to pieces way before that. The second engine blew two cylinders eventually and there were too many rust holes to count. They don't last long on the A38 racetrack between Plymouth and Exeter 8)

        1. Anonymous Coward

          Re: Insider trading?

          "To be honest I doubt it is possible to get 300k miles on one."

          This may be apocryphal but I was once told by someone who supplied Ford that the gearbox on those cars was only rated for 75000 miles, which still meant it would wear out after the engine.

          What is it about the 21st century that means that cars have previously unheard of reliability, safety and mpg while anything involving Big Data turns to shit? It couldn't be anything to do with commercial pressure and effective regulation, could it?

          1. Anonymous Coward

            Re: Insider trading?

            "What is it about the 21st century that means that cars have previously unheard of reliability, safety and mpg"

            Computer aided design, mainly. If you think about a 1996 Fizzy, it was essentially much the same as the original 1976 Fiesta with a few trim and drivetrain changes. Development of the Mk 1 Fiesta started in 1972. So although Ford would have had some access to mainframe computing, its actual application to any detail would be minimal, experience of CAD would be non-existent. So everything was engineered by guesswork, fag packet and a slide rule if you were lucky.

            Now take any modern car, and chances are that there's no important components more than eight years old, so in addition to much tighter regulatory standards, every aspect will have been developed on digital systems. Along with much more advanced automated production methods, this means cars are far better optimised in the design stage, the whole vehicle can be computer tested before it has even been prototyped, and the actual production is better and more consistently built to much higher tolerances. Optimisation goes right down to levels of R&D and testing like the flow and combustion of fuel in the cylinder. Back in the days of the Mk 1 Fizzy, it was a case of letting the engine suck a rough mix of fuel and air through a carburettor (remember them? What a piece of sh1t technology), hoping that the mechanical distributor caused the spark plug to fire at roughly the right time, and that would do.

        2. Fuzz

          Re: Insider trading?

          "To be honest I doubt it is possible to get 300k miles on one."

          Not sure about the Mk1 but certainly the 3 and 4 it's tricky to tell just how far it's gone without a study of the MOT history since the odometer only goes to 99999 then resets back to 0. I don't think Ford expected people to be driving 300K miles.

          1. sitta_europea

            Re: Insider trading?

            "I don't think Ford expected people to be driving 300K miles."

            A long, long time ago, in a land far away, I remember once hearing a Ford executive say

            "Our cars last long enough."

    4. Ian Michael Gumby Silver badge

      Re: Insider trading?

      First, you can't just make up a credit rating.

      These individuals will be charged with violating trading laws by the SEC. It's a no-brainer. What happens next would be interesting.

      The issue though is why they sold and how much of their shares they sold.

      If they can provide legitimate reasons for the sale... they won't be charged or be found guilty.

      If they can't... boom. They will be forced to pay a fine that will exceed the proceeds, pay their legal costs which may initially be paid for by the company, and could face jail time, and lose the ability to be a corporate officer of a publicly traded company. It all depends on the dollar amount and the severity of the situation.

      To give you an example... a sale could have been done as part of diversification, meaning their broker may have found a good deal and he or she sold to move in to the deal. It could have been done to pay off debts, or to get money ready for college tuition or something... we don't know.

      The other problem... Rule FD.

      They could argue that the minute they went 'public' aka notified the authorities... they were allowed to sell.

      (IANAL so I don't know if that argument would hold up in court. )

  4. Marketing Hack Silver badge
    IT Angle

    So, time to settle on some insulting synonyms for Equifax

    Since they seem to want to outdo Crap-ita and Con-cast/Scum-cast in the corporate incompetence Olympics.

    1) Equi-fux?

    2) Equi-lax?

    3) Suck-uifax?

    Please feel free to vote or suggest alternatives!

    (BTW, The Telegraph is reporting that Equifax holds credit/ID info on 44 million Britons. Ugh.)

    1. Joe User

      Re: So, time to settle on some insulting synonyms for Equifax

      How about "Bend-Over-And-Grab-Your-Ankles-fax"?

    2. Anonymous Coward

      Re: So, time to settle on some insulting synonyms for Equifax

      Equinefax

      because they are closing the stable door after the horse has bolted.

    3. a_yank_lurker Silver badge

      Re: So, time to settle on some insulting synonyms for Equifax

      When you make Slurp and Comcrap look like paragons of customer service and ethics you are pretty low.

  5. Ugotta B. Kiddingme

    As has been said often before

    by me and by many others commenting herein, this crap will continue unabated until executives start going to jail for it. Maybe the CEO but most certainly the CIO and probably a few others. Until specific people within <breached corporation du jour> are held personally and legally accountable, this will continue to happen.

    1. Eddy Ito Silver badge

      Re: As has been said often before

      No, jail isn't at all appropriate. Garnishing their personal income and assets to cover the costs of the 130+ million impacted people will incur would be a good start. I'm sure we can find an old Ford Pinto for them to drive to work once the Jaguar has been sold.

      1. Mark 85 Silver badge

        Re: As has been said often before

        Why can't we have both jail and stripping them of their assets?

        1. a_yank_lurker Silver badge

          Re: As has been said often before

          Elsewhere someone suggested nailing the C-suite to a tree in lieu of prison. I wonder if we could douse it with gas (petrol) and light a match.

          1. Mark 85 Silver badge

            Re: As has been said often before

            "I wonder if we could douse it with gas (petrol) and light a match"

            Err.. no. The environmentalists would raise holy hell. Just letting them rot on the tree would be environmentally friendly.

      2. John Brown (no body) Silver badge

        Re: As has been said often before

        "Garnishing their personal income"

        That always gives me a mental image of a sprig of parsley attached to their payslip.

        1. Anonymal coward

          Re: As has been said often before

          And you're so right, garnishing will involve parsley or suchlike; garnisheeing, however...

    2. DougS Silver badge

      A modest proposal

      While jail is appropriate for truly criminal conduct, if it is used for simple negligence then CEOs will spend all their time butt covering and consult their personal lawyer before any decision.

      Making them pay out settlements is more appropriate. Take all the money they've made from their job beyond the 90% percentile of all the company's employees - hypothetically they might have to give back every penny they made over $190K or thereabouts. They wouldn't be left destitute, but they'd think twice about a scheme to cut corners and make the quarterly numbers so they earn their bonus if it meant they might have to give back all the millions they made over the last decade since they took the job.

      1. Doctor Syntax Silver badge

        Re: A modest proposal

        "While jail is appropriate for truly criminal conduct, if it is used for simple negligence then CEOs will spend all their time butt covering and consult their personal lawyer before any decision."

        The law has a concept of criminal negligence for situations where simple negligence is an inadequate description of conduct.

  6. The Nazz Silver badge

    At the risk of showing symptoms of Tourettes ...

    What sort of subhuman f****** c*** comes up with those T & C's in a situation like this?

    Aside from jail time and asset confiscation for the data leak, they should suffer further punishment (having their privates steamed daily, maybe) for the T & C's malarkey. Talk of kicking people when they're down.

    1. Naselus

      Re: At the risk of showing symptoms of Tourettes ...

      "What sort of subhuman f****** c*** comes up with those T & C's in a situation like this?"

      Lawyers.

    2. Pompous Git Silver badge
      Devil

      Re: At the risk of showing symptoms of Tourettes ...

      "What sort of subhuman f****** c*** comes up with those T & C's in a situation like this?"
      Speaking as a complete fucking cunt, I resent being equated to a lawyer!

  7. Alister Silver badge

    Class action waiver and arbitration

    Interestingly, if you read the whole of the TrustedID agreement, there is this paragraph tucked away at the bottom:

    If, however, the class action waiver provisions in the “Arbitration” section are found to be illegal or unenforceable, then the entire arbitration provision in the “Arbitration” section will be unenforceable, and any Claims (as defined in the “Arbitration” section) will instead be decided by a court.

    1. Anonymous Coward

      Re: Class action waiver and arbitration

      "and any Claims (as defined in the “Arbitration” section) will instead be decided by a court."

      Translation: "we've got deeper pockets than you, so if we can't have arbitration on our utterly one-sided terms, then you can all fuck off and try and sue us"

      Equifax: What a bunch of utter arsewipes.

  8. D Moss Esq

    Silent as the grave

    The UK Government's identity assurance scheme, GOV.UK Verify (RIP), has contracts with seven "identity providers" whose job it is to verify our identity.

    Three of them depend on Equifax to do that – Barclays, GB Group and Royal Mail.

    Equifax's business activity is currently interrupted.

    Without Equifax, those three "identity providers" can't do their job. GOV.UK Verify (RIP) can't work.

    There has been no comment yet from the Government Digital Service. There never is. GOV.UK Verify? RIP.

  9. Reg T.

    If you visit the website and sign up for TrustedID,

    the terms of service include foregoing any involvement in a class action lawsuit. These EquiScum are evil ++. So, their offer of "free" 1 year service is a honeytrap.

    http://www.foxbusiness.com/politics/2017/09/08/equifax-hack-victims-could-be-disqualifying-themselves-from-class-action-claims-heres-how.html

    1. John PM Chappell

      Re: If you visit the website and sign up for TrustedID,

      The T&C were never enforceable, they were just giving it a go in case they can get an idiot judge. They know it's a non-starter, really though. You can only waive those rights with clear informed consent.

      1. Anonymous Coward

        Re: If you visit the website and sign up for TrustedID,

        In civilised countries you cannot waive such rights; even if you consent to, you would be free to enforce them.

  10. Anonymous Coward

    Now, lawyers are lining up to make sure that the lawyers of those who have been exposed in the leak can claim a share of the payout.

    TFIFY.

    1. VinceH Silver badge

      I was going to fix that sentence as well, only my version was more like:

      "Now, lawyers are lining up to make sure that those who have been exposed in the leak can claim a share of the payout amounting to less than a dollar each, while they themselves collect $MEGABUCKS"

  11. Chronos Silver badge

    Credit reference agencies

    Equifax, Experian, Call Credit et al, as far as I'm concerned they can all sod off. These parasites gather information on individuals and addresses whether you consent or not. This is what happens when you allow them to do so. I'm frankly surprised it took this long.

    1. Disgruntled of TW
      Stop

      Re: Credit reference agencies

      It was Equifax or Experian - I can't remember - but one of them sent my credit report to my address, with some Greek woman's name instead of my own.

      I complained, to the agency and also the ICO, and got no response, not even an apology. They have all the power and none of the accountability. Our government allows them to do this. One error like mine could be disastrous to my life. It isn't even a 10^-6 rounding error for them, and they treat it as such. They get what they deserve. I would prefer a not-for-profit regulated organisation and the removal of these predatory credit agencies.

      1. Doctor Syntax Silver badge

        Re: Credit reference agencies

        "They get what they deserve."

        Unfortunately those whose details were leaked got what they didn't deserve.

  12. Anonymous Coward

    No class actions, just put them all in jail

    I would make everyone who profited responsible for paying the losses to the affected individuals; none of the sharks cared where the profits came from or the fate of people they were abusing.

    No more countries just shrugging shoulders and failing to punish the people to blame.

    They need to send a message that choosing not to protect customers' data is far too expensive to consider i.e. everything the "responsible" people, who chose not to protect it, have got and more.

    None of these data breaches were accidental, each time they decided that protection was too expensive to bother with when the result of breach was just a slap on the wrist.

  13. Anonymous Coward
    FAIL

    Now free. Forever.

    Literally.

  14. Aodhhan Bronze badge

    Time to get CONTROL of credit agencies a.k.a For Profit Intel Organizations

    It's about time we all wake up and start getting on our local and federal legislatures to rein in credit agencies. It seems every other month a new credit agency pops up. Why not.. it's HUGE business.

    If you're worried about the typical PII items being released... this is nothing.

    Consider everything a credit agency knows and collects about you, your family and lifestyle trends.. under the guise they use it to determine risk. This isn't information for the past 1-5 years, this is lifetime:

    - Properties purchased, location, and type (2 bedroom, 3 bath, 2100 sq feet etc).

    - Vehicles purchased, make, model, year etc. They can also interpolate your average mileage per year.

    - Organizations you belong to.

    - Donations, amount, etc.

    - Hobbies

    - Registered to vote, elections participated in

    - Income, investments (type, to whom, active/passive, 401K, etc.)

    - Insurance coverage, what you cover, specialty items covered

    - Nearly every single monetary transaction monitored, classified into various things; i.e. from where, location, etc.

    - Tax information

    - Employment information

    - Household expenses, gas/electric/heat bills... etc.

    ----On and on and on. These databases know you better than your mother, best friend and spouse.

    With all of this, they can interpolate many of your lifestyle and professional choices and to what degree.

    This isn't just a credit company... it's a FOR PROFIT INTELLIGENCE ORGANIZATION.

    With all of this information, they sell it to those who gather it all in and sell it to businesses.

    Places such as InfoGroup, InfoUSA, YesMail, etc. sell this information for big bucks and nearly every Fortune 500 company subscribes to MANY of these (not just one) for direct marketing and other overt/covert corporate greed schemes. It can also be used against you in court or by organizations like Scientology to discredit or publicly humiliate.

  15. Nocroman

    Equifax Lawsuits.

    It's a nice thought and I want to sign up to sue Equifax. But I know from past experience that the government will not penalize Equifax with a penalty large enough to give everyone hurt by Equifax any kind of real money. Only the lawyers will get money and in huge chunks and we the injured will get a free credit report or a few cents each. I want the CEO, and president, and the Equifax board of directors fired and imprisoned for life as that is how long my credit information will be out there for anyone to use. What Equifax has done is tantamount to setting off a nuclear bomb in every household they had credit information for.

    1. Speltier

      Re: Equifax Lawsuits.

      Rather than notional damages, the result of the lawsuit ought to be a refund of 2x the cost of freezing/unfreezing the credit reports each time the credit report is frozen or unfrozen for every agency. For a yearly count that is at least 2 standards of deviation beyond the median of what a typical person does each year (that is, of the population that even uses freeze/unfreeze, otherwise, the value approaches 0).

      The obvious response for Equifax is to make the cost 0-- so 2x0 is 0-- but the competitors might go to say 1000 just to eliminate the competition. A virtuous solution.

      Oh rats. I just woke up.
