Equifax Data Breach – FTC’s Information for Individuals

On September 8, 2017, the FTC’s “Consumer Information” blog provided details regarding the Equifax data breach.

Equifax Data Breach Facts

The FTC’s blog post reported that

[i]f you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

Equifax Data Breach – Steps One Can Take to Protect Misuse of Information

The FTC provided information about steps individuals can take to protect misuse of personal information.  One of the steps recommended visiting Equifax’s website, www.equifaxsecurity2017.com.

IMPORTANT NOTE: Individual’s May Unwittingly Waive Their Rights to a Class-Action Lawsuit

According to The Washington Post, although Equifax has established a website to allow individuals to determine if their personal information was exposed, caution should be used, particularly due to the website’s terms of service which potentially restricts one’s legal rights.  According to the Washington Post, “. . . in the terms of service is language that bars those who enroll in the Equifax checker program from participating in any class action lawsuits that may arise from the incident.” 

Further, The Washington Post reported that

. . . after social media users began complaining about the arbitration clause, Equifax updated its terms of service to give consumers an escape hatch if they do not wish to be bound by its language.

Here’s how the opt-out provision reads:

In order to exclude Yourself from the arbitration provision, You must notify Equifax in writing within 30 days of the date that You first accept this Agreement on the Site (for Products purchased from Equifax on the Site). …

[You] must include Your name, address, and Equifax User ID, as well as a clear statement that You do not wish to resolve disputes with Equifax through arbitration.

This language helps address some of the concerns, but it requires consumers to remember to write to Equifax.

The FTC also advised individuals that they can find out if their information was exposed by

 . . . [c]lick[ing] on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.

According to The Washington Post, the fact that Equifax’s data breach website requests one’s last name and the last six digits of one’s Social Security number is “extremely unusual.” According to another story published by The Washington Post:

“This is very unusual — most security systems are hard-wired only to reveal the last four digits of an SSN for identification purposes,” said Satya Gupta, co-founder & chief technology officer at Virsec Systems, a cybersecurity firm. “This strongly implies that the typical four digits may have been compromised, and they need additional, previously ‘secret’ information to positively identify customers. This reinforces the conundrum of these breaches — with more information exposed, how do you now prove a person’s identity?”

What Can Consumers Do If They Believe Their Personal Information Has Been Compromised?

If you believe your personal information may have been exposed or compromised due to the Equifax data breach, please complete the form to the right or contact either John Kehoe, Esq., (215) 792-6676, Ext. 801, [email protected]; Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected]; or send an e-mail to [email protected].

Kehoe Law Firm, P.C.

The Kehoe Law Firm, P.C. is a multidisciplinary, plaintiff–side law firm dedicated to protecting investors and consumers from corporate fraud, negligence, and other wrongdoing. Driven by a strong and principled sense of social responsibility and obtaining justice for the aggrieved, Kehoe Law Firm, P.C. represents plaintiffs seeking to recover investment losses resulting from securities fraud, breaches of fiduciary duty, corporate wrongdoing or malfeasance, those harmed by anticompetitive practices, and consumers victimized by fraud, negligence, false claims, deception, data breaches or whose rights to minimum wage and overtime compensation under the federal Fair Labor Standards Act and state wage and hour laws have been violated.