Equifax has attempted to kick out the mass lawsuits taken out against the firm following last year’s data breach by insisting they are based on an “attenuated theory of liability” that is unprecedented, arguing that a 566-page complaint dossier on behalf of consumers is “long on words” but “short on operative facts”.
In the US, Equifax attorney David Balser, a partner at King & Spalding in Atlanta, argued that claims brought by credit unions, banks and associations for financial institutions were “far fetched” as the vast majority of plaintiffs lacked standing to sue in a federal court because they had no injuries from the breach; just speculation about the increased risks of ID theft.
Equifax also argued it owed no duty of care to safeguard the personal information of its customers, citing a May 11 decision by the Georgia Court of Appeals in McConnell v. Georgia Department of Labor.
In that case, the appeals court found that the Georgia Department of Labor owed no such duty to more than 4,000 applicants for unemployment benefits, despite inadvertently exposing their Social Security numbers and other data in an email.
Norman Siegel, a partner at Siegel Teitelbaum & Evans who is acting as an attorney for the consumer plaintiffs, said in a statement. “[That is an]extraordinary position Equifax is taking here – that it does not owe a duty to Americans to keep their data protected.
“This position is contrary to the public statements Equifax has made, including its former CEO’s testimony before Congress that ‘We at Equifax clearly understood that the collection of American consumer information and data carries with it enormous responsibility to protect that data. We did not live up to that responsibility.’”
US District Judge Thomas Thrash of the Northern District of Georgia is overseeing more than 400 lawsuits filed over the breach in the US, which also affected 15 million Brits.
The firm, which suffered what some believe is the biggest – and most expensive – data breach in history, has been heavily criticised for its handling of the issue ever since it emerged on September 8 last year.
There has been a catalogue of disastrous media coverage for the business, including claims that it discovered the hack on July 29, but waited nearly six weeks to warn customers; before it went public on the attack, three Equifax senior executives allegedly sold shares in the company worth almost $1.8m; and that the hackers used a vulnerability which was well known in cybersecurity circles.
In April, Equifax hired private equity firm Warburg Pincus’ managing director Mark Begor to lead the company, following the “retirement” of CEO Richard Smith in the wake of the scandal, which affected up to 185 million accounts in the US, Canada and the UK.
Eight months on, Equifax is still notifying those affected
Equifax hires new chief exec from private equity giant
Equifax could face final bill of $600m for data breach
Former Equifax tech chief charged with insider trading
Equifax can’t find addresses for 14 million customers
FCA launches investigation into Equifax breach farce
The farce continues: Equifax now says 694,000 Brits hit
Equifax: Oops we’ve found another 2.5m stolen records
Equifax CEO is ‘retired’ as company reels from breach
Equifax admits that 400,000 Brits hit by US breach
Flaw on Equifax system was exposed over 6 months ago
44m Brits could be affected by Equifax US data breach
Equifax rocked as mega hack exposes 143m consumers