People have tried to hold Equifax responsible since its massive security breach in which almost 150 million people had their sensitive personal information exposed.
Some have successfully sued Equifax in small-claims court, and won even after the company’s expensive lawyers appealed. Many, however have not won, as the case is a tricky one. How do you show damages after getting your information stolen, if you can’t point to damages stemming from identity theft or lost money?
The cases that have won so far have used the costs of buying credit monitoring services as a way to show damages, but it hasn’t always been enough to prove damage in the eyes of a judge.
The real meaty cases have been coming together into a class action, which an Atlanta judge allowed to proceed in late January. But the same question remains: how can people whose sensitive personal information was compromised show “damages”?
This week, the CEOs of the three main credit bureaus, Equifax, Transunion, and Experian, went in front of Congress to talk about America’s broken credit reporting system, in which one in five people have an error on their credit reports, according to the FTC.
The forum proved an opportunity for Equifax’s new CEO, Mark Begor, to highlight the company’s efforts to invest in security after the security breach. Begor seemed to convince lawmakers on both sides of the aisle that the company is working to improve itself by investing in security and to fix that horrible one-for-five record.
But it also provided an opening for the plaintiffs in lawsuits against Equifax — like this one — to strengthen their offense. Rep. Katie Porter (D-Calif.), who is also a consumer protection attorney, pointedly asked Begor to share his Social Security number, birth date, and address.
“I would be a bit uncomfortable doing that, Congresswoman. If you would so oblige me, I would prefer not to,” Begor said.
“Could I ask you why you’re not unwilling,” she followed up.
“Well, that’s sensitive information; I think it’s sensitive information that I’d like to protect and I think consumers should protect theirs,” said Begor.
When asked what he would be concerned about, Begor said he was worried about identity theft “like every American,” and noted he had his identity stolen three times, twice for a tax return and once with fraudulent accounts in his name.
.@RepKatiePorter to Equifax CEO: "if you agree that exposing information like what exists in your credit reports creates harm...WHY are your lawyers arguing in federal court that there was no injury & no harm created by your data breach?" pic.twitter.com/fNFUCe4uRY— AFR (@RealBankReform) February 26, 2019
“Somehow they got my Social Security number, my date of birth and my address, then changed my address and opened up an account,” he said.
Porter then asked, since Begor agrees that exposing credit information like this causes harm, why are Equifax’s lawyers arguing in court that the cases should be dismissed because there is “no injury and no harm”?
Begor demurred, but was cut off by Porter, who reminded him that they work for him as the CEO of the company. She advised him to talk to them to reconsider their strategy and the incident was over.
The moment was brief but it could have an impact on cases and strategies going forward, as plaintiffs now have something to point to showing that even the Equifax CEO sees the harm — even if it’s abstract and difficult to quantify.