Why the Equifax Data Breach is Making History

Why the Equifax Data Breach is Making History

It seems that every major news outlet in the United States – and the world – has covered the Equifax Data Breach lately. Yet, it remains a complicated issue that many Americans, even those affected by it directly, are not fully familiar with. As far as the law is concerned, there are many reasons why the Equifax Data Breach are historic. But first, let’s take a step back and discuss what happened here in fundamental terms:

Equifax is one of the three largest credit reporting companies in the United States. They have access to every important piece of data about a person – from their social security number and their addresses, to their tax information and income histories – and they use this information in the process of credit checks. When you buy a house, a car, or apply for a credit card, a credit check is run to see if you’re the right type of person to be given access to credit based on your history, like one giant report-card of adulthood.

In early summer, a data breach into Equifax’s supposedly secure system allowed hackers to take the above-mentioned information – including social security numbers – of up to 143 million citizens. The breach is historic because of the immensely large group of people affected. But, that’s not where the story ends. Unfortunately, when your job as a company with access to private information requires you to keep that information safe and guard against a data breach, failure to do so is negligence. Imagine if your doctor left your private medical records all over a table at your local Starbucks – while not entirely the same situation here, the point is that Equifax’s duty was to keep records safe, and they may have very well failed to do that.

Another component to the Equifax Data Breach is the criminal component. Multiple officers and executives of the company sold large shares of stock far before a public announcement about the data breach was made. While everyone is innocent until proven guilty, that type of behavior is textbook insider-trading behavior, and warrants the Securities Exchange Commission (SEC) and other agencies to run a full investigation of the matter.

To add insult to injury, there are many different – and simultaneous – legal consequences that will occur for Equifax in the coming months. Those charged with insider trading violation will face criminal prosecution for those crimes, and could potentially (and very likely) face civil lawsuits from shareholders for their actions. Equifax as a whole will face countless lawsuits on behalf of individual people, and in the form of class actions (where hundreds of plaintiffs join together to sue as one unit).  Individual states (potential every single state in the country) are able to sue Equifax under consumer protection laws, often commenced by the attorney general of each state on behalf of the citizens of that state, for failing to comply with laws and acting in a negligent manner. In summary, it is promising to be the largest legal event of its kind in the history of the United States, inclusive of many other historical marks, like the largest class action in history, and the most number of states to sue for the same cause in history.

As the legal battlefield just begins to take shape, those affected by the Equifax Data Breach begin to examine whether they have been – or potentially when they will be – affected by the fact that their data, along with the data of 143 million others, is no longer private and very much at risk of being abused in our complex, digital world.