WASHINGTON - The scenario that personal finance and credit experts feared most about the heist of consumer data from Equifax may already be underway: Criminals are using the stolen information to apply for mortgages, credit cards, student loans, …
This item is available in full to subscribers
Click here to log in
If you're a print subscriber, but do not yet have an online account, click here to create one.
If you aren't yet a subscriber,
click here to start a new subscription.
You also have the option of purchasing 24 hours of website access, for just 99 cents. *
Click here to continue.
* Full access is available from time of purchase through 11:59pm the following day
WASHINGTON - The scenario that personal finance and credit experts feared most about the heist of consumer data from Equifax may already be underway: Criminals are using the stolen information to apply for mortgages, credit cards, student loans, tapping into bank debit accounts, filing insurance claims and racking up substantial debts, according to a major new class-action suit.
The suit pulls together dozens of individual complaints from consumers in all 50 states plus the District of Columbia and suggests that cyber criminals aren't wasting time using the Social Security numbers, credit card accounts, driver's license numbers and other sensitive personal information they siphoned out of the credit bureau's reputedly secure databases on 145.5 million Americans.
Filed in federal district court in Equifax's home territory of Atlanta, the suit is intended to create a single, giant national class action against the company. It alleges violations of federal and state laws and cites claims by more than 50 individual plaintiffs whose information was hacked that significant financial damage already is occurring:
The suit, Allen et al v. Equifax, charges that the company "failed spectacularly" in its legal responsibilities to protect consumers' confidential data. It also alleges that the company failed to take steps to upgrade its security protocols, including installing a remedial "patch" provided by a software maker, and then delayed informing consumers about the breach, thereby preventing them from taking steps to minimize the damage.
Through Equifax's negligence, according to the suit, cybercriminals gained access to data that now "permits thieves to create fake identities, fraudulently obtain loans, swipe tax refunds and destroy" consumers' creditworthiness. Among the most vulnerable potential and actual victims: Home buyers and mortgage applicants who "tend to have significant information on file with credit bureaus," and as a result are "especially at risk" for ID theft after the Equifax data breach.
A spokesperson for Equifax had no comment on the litigation. Attorneys representing the 50-plus individual plaintiffs in the suit also declined to comment. The potential size of the class represented by the suit is enormous - "all residents of the United States whose personal information was compromised as a result of the data breach announced by Equifax." The allegations include violations of the federal Fair Credit Reporting Act, the FTC Act, plus state consumer protection laws, deceptive practices and data breach rules, all of which are recounted in the 323-page filing, state by state.
The suit is particularly harsh in its criticism of Equifax's alleged failures to heed red flags indicating that its systems were not secure. In April 2017, according to the suit, cyber-risk analysis firm Cyence rated the probability of a security breach at Equifax at 50 percent in the next 12 months. Credit analytics firm FICO gave Equifax low marks on data protection - an enterprise security score around 550 on a scale of 300 to 850. In 2014, Equifax "left private encryption keys on its server," potentially allowing hackers to decrypt sensitive data, according to the suit.
How might this giant class-action suit affect you? If you own a home, have a mortgage or received information from Equifax that your files were accessed, you are likely part of the class. You needn't do anything to join. Keep in mind though: the case may sound like a slam dunk, but it might not be. Lawyers will need to demonstrate a link between plaintiffs' claims of identity theft and the Equifax breach itself, which may be challenging to prove.
In the meantime, remember that it's not too late for you to get defensive. If you're like the vast majority of consumers who have not yet placed freezes on their files at Equifax, Experian, TransUnion and Innovis, consider doing so now. For information on how to proceed, go to https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs.
Ken Harney's email address is firstname.lastname@example.org.
Copyright 2017, Washington Post Writers Group
More Articles to Read