Consumer credit reporting agency Equifax has already been hit with over 30 lawsuits over what may be the largest breach of sensitive information in U.S. history – at least 23 of which are class-action filings, and all of them representing individuals.
On Tuesday, Massachusetts AG Maura Healey – a Democrat who in March led the state in suing the Trump administration over the travel ban – announced her intent to take Equifax to court, the first such lawsuit from a state prosecutor’s office over a data breach which has affected up to 143 million Americans. “In all of our years investigating data breaches, this may be the most brazen failure to protect consumer data we have ever seen,” said Healey.
In a press release, the Mass AG’s office is claiming that Equifax did not “maintain the appropriate safeguards to protect consumer data,” which is a violation of state consumer protection and privacy laws.
While Equifax offered people a free credit monitoring service which initially waived the right to sue the company, they later clarified that customers could sue if they sent Equifax written notice within 30 days. Yesterday, the company said that use of the free credit monitoring service does not waive the right to take legal action.
New York Attorney General Eric Schneiderman said the clarification came as a result of conversations with his office.
Schneiderman’s office is currently investigating the breach, as are attorneys general in Pennsylvania, Connecticut and Illinois.
Regulators and investigators across the country have already begun to dig into the scope and disclosure of the hack – including safeguards and procedures Equifax had in place prior to the attack. The NY AG’s office begun an investigation into the breach last week, along with the Consumer Financial Protection Bureau and the FBI.
Setting sale before the storm
Separate of the lawsuits, a bipartisan group of senators called upon federal prosecutors to investigate stock sales by three Equifax executives before the company publicly disclosed the hack, generating nearly $2 million in proceeds shortly after the breach was detected.
SEC filings show that Equifax CFO John Gamble sold $946,000 worth of shares on Aug 1, while two other executives sold shares and exercised options worth nearly $850,000.
The lawmakers, led by senators John Kennedy (R-LA) and Jack Reed (D-RI) is asking the SEC and the FTC to look into the sales.
“As part of your investigations, we request that you conduct a thorough examination of any unusual trading, including any atypical options trading, for violations of insider trading law,” the senators wrote. “We request that you spare no effort in your investigations and in enforcing the law to the fullest extent against anyone who is found to be at fault.”