One day after Equifax announced (more than one month after it itself had learned) that its systems had been hacked, resulting in up to 143 million social security numbers, names, addresses, driver’s license data, birth dates, some credit card numbers and pretty much all other critical personal data being leaked and currently for sale somewhere on the dark web, the company whose job is, ironically, to protect the credit and personal information of hundreds of millions of Americans has been hit with a monster class-action lawsuit seeking as much as $70 billion.
In retrospect, we find it surprising that it wasn’t multi-trillion lawsuit in light of the galactic stupidity exhibited by a company whose server apparently had zero firewalls from the internet and where any hacker could get access to the most confidential information available.
And while for the most part class action lawsuits are filed by ambulance-chasing lawyers seeking a recovery for a class of plaintiffs in exchange for a juicy 25-40% of the final amount, in this case In the complaint filed in Portland, Ore., federal court has every single merit to ultimately crush Equifax for what is nothing less than unprecedented carelessness in handling precious information.
In the lawsuit, plaintiffs alleged Equifax was negligent in failing to protect consumer data, choosing to save money instead of spending on technical safeguards that could have stopped the attack, Bloomberg reports. Imagine how much angrier they would be if they found that instead of “saving” the money, the company used it instead to buy back its own stock (in this case from selling executives).
“In an attempt to increase profits, Equifax negligently failed to maintain adequate technological safeguards to protect Ms. McHill and Mr. Reinhard’s information from unauthorized access by hackers,” the complaint stated. “Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach. Equifax could have and should have substantially increased the amount of money it spent to protect against cyber-attacks but chose not to.”