Disclaimer: The following is not legal advice. If you have been affected by Equifax’s data breach and are in need of representation, submit an inquiry at Bachuwa Law.
I titled this post with an asterisk as every day brings about new developments to this massive data breach story.
Going off the numbers, it is not far-fetched to say that it is more likely than not that your personal information may have been exposed as a result of the Equifax data breach. Equifax revealed that 143 million Americans may have had their personal information compromised. The population of the United States is 323 million. The population below the age of 18 is 74 million. That leaves 106 million people who are unaffected. Those people are perhaps lucky, live off the grid, or do not apply for credit regularly enough for this data breach to be an issue.
For the rest of us, the question is: what do I do now? The first step is to go to Equifax’s website and see if you were impacted. Ironically, you have to provide the last six digits of your social security number along with your last name in order to view your results. Here is what mine said:
A New York Times article reported that typing in a random name would result in the notification that the fictitious individual may have been affected. That must have been a glitch because I have friends and family who received the good news that they were definitively not at risk.
If you do not fall into this group, the next step is to decide whether you want to join TrustedID Premier, a credit protection service offered by Equifax free of charge for one year. Again, it is ironic that the company that allowed data to be compromised on its watch is asking users to entrust it to protect them from future attacks.
Initially, Equifax was offering the service only if the consumers agreed to waive their right to a class action. Corporations be damned, but this was a stealthily clever attempt for Equifax to fully insulate itself from the firestorm that will be arriving at its door. To be clear, there is no class action waiver for enrolling in TrustedID Premier in response to this cybersecurity incident.
Having said that, Equifax’s remedy for this epic blunder is far from adequate. First, as the same NYT article pointed out, cyber bandits would wait a year for the TrustedID membership to expire before exploiting the treasure trove of data. At the same time, there is nothing to stop criminals from using the information now to open fraudulent accounts that pull information from TransUnion or Experian. What is most absurd is that Equifax could potentially profit from this data breach because those that enroll in TrustedID would be too paranoid not to pay for the monitoring service after the trial is up. The data is out there forever. It is a matter of ‘when’ not ‘if’ that a thief would do something with it. As a result, TrustedID users would reup on their membership for many years to come.
Legal Action
If you have been or may have been affected by the data breach and you want to take legal action against Equifax, the next question is how.
The Obvious Option: Class Action
The angry mob of those affected by the data breach took to Twitter to with their virtual pitchforks to demand a class action be filed against Equifax for this historic event. Their prayers were answered as the law firms of Olsen Daines PC and Geragos & Geragaos (Mark Geragos was the former attorney to Michael Jackson) filed a claim alleging more than 70 billion in damages. The complaint stated that “Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach. Equifax could have and should have substantially increased the amount of money it spent to protect against cyber-attacks but chose not to.”
While I agree with the allegations in the complaint, I do not necessarily agree that all those affected should join the action. The more that join, the less each plaintiff will receive. For example, assume that 143 million people join the class and the demand of 70 billion is awarded. If the attorneys receive absolutely nothing, each claimant would come away with $489.51. Regardless of the number of plaintiffs, the lawyers will come away with billions, and the consumers will end up with a rounding error award.
I speculate that this case will settle with plaintiffs receiving a nominal amount of money and a few years of TrustedID protection.
The Other Option: Consumer Arbitration
Consumer arbitration is a more efficient, albeit unknown, process for resolving disputes and obtaining meaningful results compared to litigation. Here’s why:
Individual Basis
In consumer arbitration cases are filed on an individual basis. That means each claimant can decide if he or she would like to accept a settlement or go through the entire process. This gives much more control to the claimant than in a class action where the class representative (and his or her lawyers) have the ultimate say. It may also result in a substantially higher payout to the claimant as he or she does not have to split the award with tens of thousands of other claimants.
Cost
In many consumer arbitration claims, including one against Equifax, the consumer’s share of the filing fee ($200), the administrative fee ($1,700), and the arbitrator’s compensation ($1,500) are covered by the respondent. An automatic bill of $3,400 per claim multiplied by thousands of people would likely force Equifax to address the claims expeditiously.
Time
If Equifax chose not to settle and go through the arbitration process, a resolution would still come about much faster than a class action as the average time from filing to an arbitrator’s award is months not years.
What’s Next?
It remains to be seen how Equifax will handle all the claims. Will it end up as a massive, consolidated class action? Will Equifax close the arbitration gates if too many take that route? Will the government step in? Will an automated chatbot be the answer? It is too early to know, but there is only way to find out– take action!
If you were affected, what legal steps are you taking?
[…] investigation is under way. And compensation may come via a class action lawsuit or, better yet, many individual arbitration claims. Regardless of all that, your number one priority now should be to protect yourself. Equifax just […]
Equifax should have their business privileges terminated in every state and close up. It boggles the mind that they still would be providing credit reports to business’ and making money off the consumers they left hanging out to dry. Add insult to injury you have to pay them to freeze your credit reports only made necessay because of their negligence. Unfreakin real. I don’t have time now to start complaining to my state reps but i will start raising hell as soon asi Ican. Everyone should and get these bozzos out of business.
What damages would would one claim in an arbitration case?
Assume they are affected by the data breach and they haven’t seen any odd activity yet.
I read the previous comments but I still don’t understand how Equifax can force arbitration on consumers that have never agreed to it or never had an opportunity to opt out of it. Equifax’ customers are the businesses that request screening and credit data for their potential customers.
-David
That company should be liquidated by the courts and proceeds given out to each victim, not the states (as the attorney generals usually get big $ for their state funds). 40 attorney generals have filed suit, but I fear they’ll mainly get fees awarded for their states and then a token monitoring service for the actual victims. Companies need to realize when they fail this big they will become extinct and be liquidated.
I have actually paid $20 a month to Equifax for their Equifax Complete Premier Plan. It just adds to the insult.
Isn’t it obvious that Equifax allowed itself to be hacked in order boost their profitable credit monitoring services. This wasn’t a hack it obviously had to be a leak. Once there free credit monitoring officers expire the $$$$ is coming in.
Equifax better not get away with this.
This last week I had fraud on my AA Citibank card, but was alerted by Citibank promptly, closed the account and was issued a new card…could this already be a result of the breach, or is it too soon ?? Also how will we know there will be fraud and abuse as a result of the hack……just wait to see what happens. I am in the process of freezing all accounts , but so far Transunion is the only one, I can`t get through to Equifax or Experian by phone or online
What would be the basis of an arb case?
I was under the impression that arb only grants monetary relief (not injunctive). So claimants would need to show actual damages to file and win. But no one’s been harmed (yet). An you usually can’t sue for “potential” damages, right?
“who received the good news that they were definitively not at risk.”
Cool, can I show you some Florida swampland I have for sale? It’s definitively develop-able.
A fool and his money are soon parted….good luck to your family members. A random 6 digit and last name still worked 48 hours ago.
There has to be some metes and bounds. Otherwise, we are all infected! Hysteria!
We can be a little practical as we start to unearth what happened.
Alex, you may be a good lawyer, but your math skills need some work. $70 billion divided by 143 million is $489.50/person. Regardless, Equifax is worth about $6 billion, so there won’t be much to divvy up if everyone sues.
So much for check/recheck, I still Michael Bolton’ed the decimal spot. Thanks for checking. Fixed.
You hit the nail on the head Michael. The fact is, even a “successful” class action isn’t going to yield much for consumers.
I agree!
How do you file an arbitration when you have no arbitration agreement? Unlike a credit provider, we never agreed to anything with Equifax. They simply take the data and then market it to creditors. There is no agreement to arbitrate with the victim as a basis for arbitration. A small claims suit can be done without agreement when a tort occurs, but I don’t see how an arbitration can be forced here.
This is a good question. I was going to refer you to Equifax’s terms and conditions but guess what? The page is down.
Before the data breach, all claims against Equifax had to be brought in arbitration or small claims. While you aren’t a customer in the traditional sense (you don’t pay Equifax money), you are using its services (they provide banks with information which is used to approve credit). Based on that definition, you were subject to the arbitration agreement. ‘
Then there was the breach. Initially, Equifax tried to mandate arbitration if you
signed up for their credit monitoring. This would imply that you were not subject to arbitration before. Curiously, this contradicts what I said above.
Then Equifax had a public backlash and said that signing up did not preclude you from filing a class action. It also changed its terms and conditions to say that data breach claims are not subject to arbitration.
So where does this leave us? First, with a terms and conditions page that does not work. Second, in an interesting place. Are the cases arbitrable? Which terms should we follow? Like my conclusion says, there’s only one way to find out.
Note: under ‘normal’ circumstances, I would little doubt that the case would be arbitrable and that Equifax would have preferred arbitration.
We’ll never know if we never try. A good faith argument can be made for arbitration. The alternative is to stick with the class action, maybe, collect a voucher for a free meal from the fast food restaurant of your choice. (Personally, I’d go for Chipotle).
Queso at qdoba.
Great question.
Take a look at this article. It does not put arbitration in a favorable light…
http://www.latimes.com/business/lazarus/la-fi-lazarus-equifax-arbitration-clauses-20170912-story.html
I’ve written many articles on here that are more informative than that one. That’s the same speech over and over. How does it explain all the positive results for my clients?
Perhaps there is a silver lining concerning all those one-time AMEX credit card sign on bonuses and limited credit card sign on bonuses from other major banks. What if we all just apply for new social security numbers and new credit cards to go with them? We might get more value out of all those new credit card sign on bonuses than any class action settlement.
“The SSA may assign a new Social Security number to you if you are being harassed, abused, or are in grave danger when using the original number, or if you can prove that someone has stolen your number and is using it.”
5/24!
If I beat up an equifax executive , would that be considered self-defense? We all need to do some self-defending.
Hilarious! But we don’t condone violence.