Equifax Removes Clause Barring Data Breach Victims from Suing If They Use Company’s Help

Equifax has removed a clause from the Terms of Use section of the website set up to help victims of the company’s data breach that previously barred victims from suing Equifax if they used the company’s services.

Consumer credit reporting agency Equifax was the subject of a cyberattack that exposed the personal information of 143 million people the company holds personal information on, including names, dates of birth, addresses, and social security numbers. In response, Equifax set up a website where consumers could input their names and social security numbers to determine whether or not they may be affected by the hack, but included in the site’s Terms of Use was a clause barring victims from suing Equifax if they accepted the company’s help:

AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.

Equifax quickly faced criticism for the clause, including from Senator Elizabeth Warren and the National Consumer Law Center, which called on Equifax to drop the clause from their Terms of Use: “Through those terms, Equifax is purporting to prevent affected customers from access to the courts or the right to join together with the other hundreds of millions of injured consumers to jointly pursue claims against Equifax.”  Equifax has since removed this language from their website and updated the FAQ on the site for victims to clarify the issue:

To confirm, enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action. We have already removed that language from the Terms of Use on the site www.equifaxsecurity2017.com. The Terms of Use on www.equifax.com do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident. Again, to be as clear as possible, we will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.

A potential class action lawsuit was filed against Equifax on Thursday afternoon at a federal court in Oregon, with two Oregon state residents named as the plaintiffs. The suit alleges that Equifax failed to properly protect sensitive user information and states that the suit plans to represent others who were “harmed by Equifax’s failure to adequately protect their credit and personal information.” The plaintiffs state that due to the nature and volume of information in Equifax’s database, the company has a responsibility “to use reasonable care to protect their credit and personal information from unauthorized access by third parties.”

The suit also alleges that in addition to paying for any damages caused by hackers’ possible misuse of the stolen data, victims should not have to bear the cost of employing third-party credit monitoring services as a result of Equifax’s data breach and that Equifax should be forced to “bear the expense caused by Equifax’s negligent failure to safeguard their credit and personal information from cyber-attackers.”

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan_ or email him at lnolan@breitbart.com.


Comment count on this article reflects comments made on Breitbart.com and Facebook. Visit Breitbart's Facebook Page.