The attorney general of Indiana has filed a lawsuit against Equifax. It is in response to the massive data breach that took place in 2017.
It was a data breach that stunned American’s. In 2017, Equifax made headlines after their information was taken by hackers. At first, the breach was reported to have affected 123 million people. In early 2018, that number was upgraded to 145 million people. A month later, an additional 2.4 million people were disclosed as having been affected. In all, 147.9 million people were exposed.
In September, Britain moved forward and fined the company £500,000. At the time, some were asking why the fine is so low. This is because the breach took place before the General Data Protection Regulation (GDPR) took effect, so Britain could only fine them under the previous laws.
While there has been legal repercussions in Britain, there didn’t seem to be much happening in the US. This led some skeptics to think that Equifax will not face justice on American soil. For a considerable time, that appeared to be accurate. Now, however, this has changed thanks to Indiana Attorney General Curtis Hill. According to The Indy Channel, Hill announced that he has filed a lawsuit against the company. From the report:
Indiana Attorney General Curtis Hill on Monday announced his office has filed a lawsuit against Equifax stemming from a 2017 data breach that compromised the sensitive personal information of 147.9 million Americans, including 3.9 million Hoosiers.
The lawsuit seeks civil penalties, consumer restitution, costs and injunctive relief. The breach occurred between May 13 and July 30, 2017. An investigation by the U.S. House of Representatives Committee on Oversight and Government Reform concluded the breach was “entirely preventable.”
“Data breaches such as this one cause real harm to real people,” Hill said. “Hoosiers trust us to work hard every day to ensure their safety and security. This action against Equifax results from an extensive investigation, and we will continue our diligent efforts to protect consumers from illegal or irresponsible business activities.”
The report goes on to say that Hill blames the company and its CEO for an aggressive growth strategy that left IT infrastructure vulnerable. What is interesting is that the report doesn’t specify if any specific monetary damages are being sought, so it’s unclear exactly what is being sought at this point.
Still, this does show that legal action from government is at least taking place now. It’s unlikely that this will satisfy critics who feel that Equifax is getting let off the hook, but it’s hard to argue that this isn’t a step in a direction that holds Equifax at least remotely accountable. This also raises the possibility that other lawsuits could be formulating in the background in other American jurisdictions. After all, a perfectly valid question is whether or not this just happens to be the first lawsuit out of the gate.
So, it’ll be interesting to see if this is the start of much larger legal problems for the company in the first place or if this really is just a one off case. Either way, the Equifax data breach story isn’t dead yet.
Drew Wilson on Twitter: @icecube85 and Facebook.