Put something on trial

Public Negotiation

PeopleClaim public mediations with co-plaintiffs are similar to class actions except they're resolved with the help of our community of conflict resolution professionals.

Public mediations with co-plaintiffs may be resolved globally — one offer to all parties — or individually via party-to-party negotiation with each separate claim.

While the goal is to help you find the shortest distance between a problem and its resolution, unresolved public mediations may be referred for formal legal represenatation and class action.

Community-negotiated settlement

Recover damages online

See if you qualify

Public Mediation of Consumers and Businesses v. Equifax

Help resolve this case.
10,000 points for best resolution
Starting reward / contribute

Contribute to cash reward for the best resolution to this case.

Submit Cancel
Join this case
FAQ

Plaintiffs

Opening StatementProvided by: Sarah J., PlaintiffEdited by: Moderator

The theft of 143 million consumers' financial and identification data from Equifax is extremely serious. Victims face an entire lifetime of combating potential fraud and theft. Equifax makes more than $3 billion per year on consumers’ backs, but the breach was reportedly caused by Equifax’ negligence in properly fixing a known problem.

And it’s not just a matter of fraudulent accounts being opened. Even victims’ tax refunds, social security benefits, employment histories and prescription drugs may be at risk - for life.

What’s worse, Equifax didn’t tell anyone about the breach for some six weeks. Who should have been told?

Consumers who didn’t consent to having their information stored and sold in the first place and may still not understand that Equifax had their information. (Formal notification had still not been made to individual consumers as of writing.)
Businesses that bought compromised information and used it to extend credit. Consumers ultimately pay when businesses are defrauded.
Regulators, who have been debating measures to weaken credit bureau accountability and the CFPB after being lobbied to the tune of $3 million per year by credit bureaus.

State requirements for notification ranges from 15 days to “without reasonable delay.” New European Union rules specify notification of a breach within 72 hours, and consumers may recover damages if proper notification isn’t

received.

Equifax’s response is wholly inadequate. First, it asked consumers to find out if they were victims by entering their information into an easily-cloned dedicated website - EquifaxSecurity2017.com. Then it accidentally directed Twitter users to a fake cloned site, SecurityEquifax2017.com.

Equifax’ insulting first offer was for free credit monitoring and fraud protection for a year - with fine print committing consumers to arbitration. Because a credit freeze is a far better option (though unpalatable for credit bureaus) Equifax

has now agreed to lift the “credit freeze” fees permitted in some states until

November 21. But consumers must freeze their credit at all four credit bureaus

in order to be protected, and may also be required to pay fees for “thawing” their own credit as needed ($0-&10 per bureau, per occurrence). Moreover, the security PINs required for thawing are reportedly easily guessed, leaving consumers confused about their best course of action.

Core issues to be considered and discussed below:

Was Equifax negligent? Could the breach have been prevented? Was Equifax’ rapid expansion under Richard F Smith a factor?
Should Equifax have notified consumers sooner? Have consumers even been notified?
What risks do consumers face because of the breach?
What economic compensation does Equifax owe consumers whose information was stolen? Businesses that relied on it?
Should consumers have more rights over the sale of their personal data –including the right to opt out entirely from data sharing?
What actions should consumers take, and what will it cost in time and money? Will inclusion in a class action suit prevent consumers from pursuing damages for actual economic harm later?
What action should Equifax’ Board of Directors take? Should Equifax executives be fired and/or have past salary, bonuses and/or stock options "clawed back" into a victim compensation fund?

vs.

Equifax

If you're a named party in this case you're invited to add an opening statement.

In the absence of a statement from named party(s), PeopleClaim may assign an advocate to provide an opening statement and represent their interests.

Plaintiffs seeking

Economic damages - time and money spent dealing with theft of data

Protection - lifetime free credit "freeze and thaw" at all credit bureaus; mandatory two-factor authentication; ability to opt out entirely.

Changes under the law - better regulation of the sale and storage of personal data; more rights to privacy and control of data for consumers; more transparency and accountability for all credit bureaus.

Who can join?

Consumers and businesses that have been potentially damaged by Equifax data breach.

Join this case

This Trial's Core Issues

1. Was Equifax negligent? Could the breach have been prevented? Was Equifax’ rapid expansion under Richard F Smith a factor?

Equifax was first hacked in March, and then again in May. A vulnerability in Apache Struts2, the open-source software used by many Fortune 500 companies, was identified in early March and a patch was issued. Apache Struts, Cisco, and US-CERT (the U.S. Computer Emergency Readiness Team, pa

2. Should Equifax have notified consumers sooner? Have consumers even been notified?

3 Comments

Equifax and other companies have lobbied vigorously against increased regulation, and regulators have repeatedly balked at creating a national standard for notifying victims about a data breach. State notification laws vary widely, but most simply state that notification of a breach should be "witho

3. What risks do consumers face because of the breach?

1 Comment

Part of the problem is that consumers don't know what they don't know. Currently identified risks that consumers must be aware of include these - but what else should they watch for?

1) New credit lines opened in their names

2) Theft of Social Security benefits

3) False tax returns and theft of t

4. What economic compensation does Equifax owe consumers whose information was stolen? Businesses that relied on it?

To prevail in a lawsuit, consumers will need to prove harm, particularly economic harm. Actual identity theft is a huge time and money suck for victims, who face real misery while trying to prove and remedy the problem.

Those who haven't had their identity stolen YET face anxiety and must stay vigil

5. Should consumers have more rights over the sale of their personal data – including the right to opt out entirely from data sharing?

1 Comment

Consumers resent their personal data and everyday life being packaged and sold. Equifax even captures mundane Tweets, matches them with credit files, and packages them for sale. But it's not just credit bureaus. In April, Congress rolled back new FCC privacy protection rules. Companies like Spo

6. What actions should consumers take, and what will it cost in time and money? Will inclusion in a class action suit prevent consumers from pursuing damages for actual economic harm later?

Consumers have no clear path. They must freeze their credit at all four credit bureaus to potentially guard against future use of their data, but face fees for freezing and/or thawing in many states. Also, the PIN numbers necessary for a thaw are reportedly insecure - which leaves many consumers uns

7. What action should Equifax’ Board of Directors take? Should Equifax executives be fired and/or required to pay past salary, bonuses and stock options into a victim compensation fund?

It isn't yet clear whether Equifax' Board themselves share part of the blame. Should they have questioned Equifax executives more closely about security measures, the reported hack in March, problems endemic in increased data-type collection, etc.? They must also rigorously investigate whe

Collapse issues

Do you have an overall solution for this case?

Sort by:

[-][+]My resolution
8 years ago

Paul B. (Justice-minded person)

Solution: Equifax should declare bankruptcy and, with the approval of a bankruptcy court, create a plan of reorganization that distributes at least 90% of the shares in the new Equifax to the class of all consumers monitored in its credit-monitoring database.

Support: The stock market capitalization of Equifax (share price x shares issued) as of 29 September 2017 is approximately US$12.7 billion. The US Federal Trade Commission reported 143 million potential accounts affected; but the incident also affects consumers in other countries. As such the transfer of ownership of all shares of stock in Equifax to the holders of potentially affected accounts would allow for a recovery of approximately $88 per US consumer account (12.7 billion / 143 million ~ 88.81). Generally, it would be reasonable to expect that the value to a consumer of avoiding the exposure of their identifying information to criminals to be in excess of what consumers pay for identity protection products such as Lifelock or Equifax's monitoring. In general these products have an ongoing cost of over $100/year, so it is reasonable to assume the value to many consumers of keeping the information secure was at least $100/year and perhaps much, much more. This strongly suggests that the combined value of claims against Equifax exceeds the current stock market value of Equifax and thus a reorganization or dissolution under the bankruptcy laws should be seriously considered.

A dissolution is also an option under the bankruptcy laws. However, like most companies, the value of Equifax is primarily from future potential earnings and not in current cash and property, less debts. Given a Price/Book ratio of approximately 5, a complete dissolution of Equifax is likely to yield less than 20% of the current market capitalization, which places the amount that could be returned per potentially affected consumer in a dissolution at less than US$18. While discouraging, that is all there is.

Suggest a resolution

1 claimant has joined this case.

Total Recovery Sought : $14.99

Timeline

October 03, 2017

Former Equifax CEO Richard Smith testifies that both parts of Equifax's two-part protocol for fixing vulnerabilities - deploying an internal patch and then scanning the system for further vulnerabilities - failed. “Both the human deployment of the patch and the scanning deployment did not work,” he told Congress. “The protocol was followed.”

October 02, 2017

Former Equifax CEO Richard Smith testifies before the U.S. House Committee on Energy and Commerce. He says that Equifax's information security department ran scans on March 15 but failed to identify the Apache Struts vulnerability, which therefore wasn't patched as recommended. He further says that Equifax, once it had identified the problem, ran into challenges in its remediation efforts that proved overwhelming, "and, regrettably, mistakes were made."

October 02, 2017

Equifax announces that 2.5 million more consumers' information was stolen, bringing the total number of consumers affected by the Equifax breach to 145.5 million.

September 30, 2017

The IRS finalizes a contract worth $7.25 million with Equifax. Under the no-bid contract Equifax will verify taxpayer identities and "assist in ongoing identity verification and validations" at the IRS. Some lawmakers and consumers initially believe reports to be an Onion article.

September 29, 2017

Bloomberg, in an article titled "The Equifax Hack Has the Hallmarks of State-Sponsored Pros," reports that a rift between cyber security firm Mandiant may have played a part in the length of time the hackers were able to operate inside Equifax, customizing tools and establishing 30 separate portals. "Mandiant warned Equifax that its unpatched systems and misconfigured security policies could indicate major problems, a person familiar with the perspectives of both sides said. For its part, Equifax believed Mandiant had sent an undertrained team without the expertise it expected from a marquee security company. " Bloomberg also notes that investigations are focusing on the possibility that the hackers had inside help, and the probability that an initial team of hackers handed the job on to a team of and state-sponsored hackers (possibly Chinese).

September 28, 2017

Interim CEO Paulino do Rego Barros Jr. extends its offer of free credit freezes and the free TrustedID Premier credit monitoring tool until the end of January. This comes amidst mounting consumer frustration with the Equifax website and call centers. Barros also announces the development of a new consumer tool. "By Jan. 31, Equifax will offer a new service allowing all consumers the option of controlling access to their personal credit data. The service we are developing will let consumers easily lock and unlock access to their Equifax credit files. You will be able to do this at will. It will be reliable, safe and simple. Most significantly, the service will be offered free, for life."

September 26, 2017

Equifax CEO Richard Smith retires with a reported $90 million payday. While Smith will forfeit his 2017 bonus of $3 million or so, Fortune calculates that he will collect $72 million this year and the rest over the next few years (based on security filings). Equifax reserves the right to change "retired" to "fired," depending on how the investigation of the breach turns out.

September 15, 2017

Equifax announces that its top information and security executives are retiring, effective immediately.

September 09, 2017

Via Twitter, Equifax directs potential fraud victims to enter their social security numbers into a fake phishing site that had been set up by a “white hat” software engineer.

September 07, 2017

Congress holds a hearing on HR. 2359, which seeks to cap damage awards, and eliminate punitive damages, for lawsuits filed under the Fair Credit Reporting Act. The bill is introduced by Rep. Barry Loudermilk (R-Georgia). In 2016 Equifax spent $1.1 million lobbying against regulations. 2017 spending so far: $500,000.

September 07, 2017

Equifax finally alerts the public to the intrusion and provided details of a dedicated website for consumers to check whether they were affected

August 22, 2017

Equifax registers the domain name equifaxsecurity2017.com

August 01, 2017

Aug. 1 and 2 – CFO John Gamble, President of US Information Solutions Joseph Loughran, and President of Workforce Solutions Rodolfo Ploder, sell a total of nearly $1.8 million in Equinox stock. The US Department of Justice (DOJ) has opened a criminal investigation into possible insider trading.

July 29, 2017

Equifax discovers the breach revealed on September 7

May 23, 2017

Equifax CFO John Gamble sells $1.91 million in Equifax shares. At the time, Equifax was aware of an earlier hack and a serious investigation had begun.

May 13, 2017

Hackers breached Equifax systems, and continued to do so through July 30

May 13, 2017

May – early June - Financial companies see a spike in fraudulent activity attempting to change business bank deposit numbers

March 14, 2017

Canada Revenue Agency (CRA) says its website was attacked by hackers exploiting an Apache Struts 2 vulnerability

March 08, 2017

US-CERT (the U.S. Computer Emergency Readiness Team, part of the Department of Homeland Security) sends out a notice about the vulnerability and patch.

March 08, 2017

Exact date unknown - reports merely state "early March." Equifax reportedly discovers a data breach.

March 06, 2017

Apache discloses a vulnerability in the Jakarta Multipart parser used in Apache Struts2, open-source software used by multiple Fortune 500 companies.

Suggest an event.

ALSO ON TRIAL

Put something on trial

PeopleClaim is a pre-litigation negotiation platform that allows parties to combine claims against counterparties in order to negotiate group or individual settlements that avoid litigation, increase recovery amounts, and settle cases more constructively. The process does not requre a lawyer or legal representation and does not carry the force of law. Read more...

How public mediation works