Equifax Is Bashed for Forcing Arbitration on Consumers After Data Breach
The credit reporting agency Equifax Inc. faces enormous national backlash and future scrutiny after revealing one of the largest data breaches in the U.S., one that potentially affects nearly half of the country's population. The company drew even more criticism for its move to force customers to agree to arbitration to participate in a free credit monitoring and identity theft service. Equifax has resisted efforts by U.S. regulators to ban the widespread use of arbitration agreements in consumer contracts in the banking and finance industries.
September 08, 2017 at 01:10 PM
12 minute read
The credit reporting agency Equifax Inc. faces enormous national backlash and future scrutiny after revealing one of the largest data breaches in the United States, one that potentially affects nearly half of the country's population.
The company's revelation that personally identifiable information for some 143 million consumers was stolen in a cyberattack will lead to a wave of class actions across the country—early suits were filed in Georgia, where the company is based, and in Oregon. The New York Attorney General's Office launched an investigation.
The website Equifax set up to help consumers determine whether their sensitive personal information was exposed came with a catch: To join Equifax's free identity theft protection program, consumers were required to agree to terms of service that included an arbitration clause that would prevent them from joining class actions against the company.
After coming under criticism on social media, Equifax updated the terms of service Friday morning to allow consumers to exclude themselves from the arbitration provision by notifying the company within 30 days of signing the agreement.
Read more: Equifax Breach Spawns Class Actions Coast to Coast
Equifax was taking advantage of a window that is closing by the day: On Sept. 18, the company will be subject to a Consumer Financial Protection Bureau rule that would bar class action waivers from arbitration agreements in the banking and finance industries. The rule—which Equifax and others in the credit-reporting industry contend should not apply to them—would apply to contracts entered into on or after March 19, 2018.
A spokesman for the CFPB assailed Equifax for its move to include an arbitration agreement for consumers harmed by the breach.
“Equifax's credit monitoring product contains a mandatory arbitration clause that denies people their right to join together to sue the company for wrongdoing. It is troubling that Equifax is forcing people to waive legal rights in order to receive fraud monitoring after the company's breach put their personal information at risk,” CFPB spokesman Sam Gilford said in an email. “Equifax could remove this clause so that consumers can receive this service without condition.”
A company spokesperson also was not immediately reached for comment.
“We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations,” Equifax chairman and chief executive Richard F. Smith said in a statement Thursday. “We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
Scott Nelson of Public Citizen, writing Friday at the group's Consumer Law & Policy blog, said: “Equifax's arbitration agreement wouldn't even be legal if the compliance date for the CFPB arbitration rule had arrived, but the fact that the compliance date hasn't arrived is no reason for Equifax to foist another injustice on people already facing injury as a result of its security failures.”
|Equifax's Lobbying Blitz
Last year, when the CFPB was accepting comments on the arbitration rule, the chief trade association for the credit reporting lobby pushed to spare the industry from the ban on class action waivers.
The Consumer Data Industry Association argued in an August 2016 letter that the CFPB lacked authority to apply the arbitration to credit reporting agencies and credit monitoring products offered by them. The letter—signed by the association's president and CEO, Stuart Pratt, and sent to the CFPB by Covington & Burling partner David Stein—argued that the arbitration study that gave rise to the rule did not support extending the prohibition on class action waivers to credit reporting agencies.
“There are critical gaps in the CFPB's arbitration study that deprive the CFPB of the legal authority to apply the proposed arbitration rule to [credit reporting agencies] or their affiliates offering or providing [direct-to-consumers] credit monitoring products or to [credit reporting agencies] more generally,” the Consumer Data Industry Association wrote. The letter to the CFPB said the agency in its market studies didn't look at the consumer reporting industry.
The rule is in the hands of the Senate, which could spike the regulation under the Congressional Review Act—a legislative tool Republicans have used this year to undo more than a dozen Obama-era policies.
Consumer advocates on Friday hammered Equifax for tucking an arbitration clause into the free credit monitoring service it is offering consumers. “It is despicable that Equifax would exploit consumers' need for identity theft monitoring to avoid accountability for this devastating breach,” said Amanda Werner, the arbitration campaign manager for the advocacy groups Public Citizen and Americans for Financial Reform. “Perhaps more despicable, at this very moment, U.S. senators are weighing legislation to take away our right to hold companies like Equifax accountable in court.”
Lobbying against the CFPB's arbitration rule was one of a host of issues the company reported in federal records. Those records show Equifax spent $500,000 this year on issues including data security and breach notification, cybersecurity and threat information sharing, the CFPB's consumer complaint database and arbitration rule, and liability under the Fair Credit Reporting Act, or FCRA.
The company supports the FCRA Liability Harmonization Act, a bill introduced in May that would cap class action damages under the Fair Credit Reporting Act and end punitive damages. U.S. Rep. Barry Loudermilk, R-Georgia, sponsored the bill. His office said numerous business advocates—including the U.S. Chamber of Commerce, Financial Services Roundtable, Consumer Data Industry Association and the American Bankers Association—support the legislation.
Equifax's potential liability under the Fair Credit Reporting Act will be tested in the lawsuits that are emerging around the country. A case in Atlanta federal district court, filed hours after Equifax alerted the public about the data breach, seeks statutory damages under the Fair Credit Reporting Act.
Equifax, according to the complaint, “acted willfully and recklessly because it knew or should have known about its legal obligations regarding data security and data breaches under the FCRA.”
The credit reporting agency
The company's revelation that personally identifiable information for some 143 million consumers was stolen in a cyberattack will lead to a wave of class actions across the country—early suits were filed in Georgia, where the company is based, and in Oregon. The
The website Equifax set up to help consumers determine whether their sensitive personal information was exposed came with a catch: To join Equifax's free identity theft protection program, consumers were required to agree to terms of service that included an arbitration clause that would prevent them from joining class actions against the company.
After coming under criticism on social media, Equifax updated the terms of service Friday morning to allow consumers to exclude themselves from the arbitration provision by notifying the company within 30 days of signing the agreement.
Read more: Equifax Breach Spawns Class Actions Coast to Coast
Equifax was taking advantage of a window that is closing by the day: On Sept. 18, the company will be subject to a Consumer Financial Protection Bureau rule that would bar class action waivers from arbitration agreements in the banking and finance industries. The rule—which Equifax and others in the credit-reporting industry contend should not apply to them—would apply to contracts entered into on or after March 19, 2018.
A spokesman for the CFPB assailed Equifax for its move to include an arbitration agreement for consumers harmed by the breach.
“Equifax's credit monitoring product contains a mandatory arbitration clause that denies people their right to join together to sue the company for wrongdoing. It is troubling that Equifax is forcing people to waive legal rights in order to receive fraud monitoring after the company's breach put their personal information at risk,” CFPB spokesman Sam Gilford said in an email. “Equifax could remove this clause so that consumers can receive this service without condition.”
A company spokesperson also was not immediately reached for comment.
“We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations,” Equifax chairman and chief executive Richard F. Smith said in a statement Thursday. “We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
Scott Nelson of Public Citizen, writing Friday at the group's Consumer Law & Policy blog, said: “Equifax's arbitration agreement wouldn't even be legal if the compliance date for the CFPB arbitration rule had arrived, but the fact that the compliance date hasn't arrived is no reason for Equifax to foist another injustice on people already facing injury as a result of its security failures.”
|Equifax's Lobbying Blitz
Last year, when the CFPB was accepting comments on the arbitration rule, the chief trade association for the credit reporting lobby pushed to spare the industry from the ban on class action waivers.
The Consumer Data Industry Association argued in an August 2016 letter that the CFPB lacked authority to apply the arbitration to credit reporting agencies and credit monitoring products offered by them. The letter—signed by the association's president and CEO, Stuart Pratt, and sent to the CFPB by
“There are critical gaps in the CFPB's arbitration study that deprive the CFPB of the legal authority to apply the proposed arbitration rule to [credit reporting agencies] or their affiliates offering or providing [direct-to-consumers] credit monitoring products or to [credit reporting agencies] more generally,” the Consumer Data Industry Association wrote. The letter to the CFPB said the agency in its market studies didn't look at the consumer reporting industry.
The rule is in the hands of the Senate, which could spike the regulation under the Congressional Review Act—a legislative tool Republicans have used this year to undo more than a dozen Obama-era policies.
Consumer advocates on Friday hammered Equifax for tucking an arbitration clause into the free credit monitoring service it is offering consumers. “It is despicable that Equifax would exploit consumers' need for identity theft monitoring to avoid accountability for this devastating breach,” said Amanda Werner, the arbitration campaign manager for the advocacy groups Public Citizen and Americans for Financial Reform. “Perhaps more despicable, at this very moment, U.S. senators are weighing legislation to take away our right to hold companies like Equifax accountable in court.”
Lobbying against the CFPB's arbitration rule was one of a host of issues the company reported in federal records. Those records show Equifax spent $500,000 this year on issues including data security and breach notification, cybersecurity and threat information sharing, the CFPB's consumer complaint database and arbitration rule, and liability under the Fair Credit Reporting Act, or FCRA.
The company supports the FCRA Liability Harmonization Act, a bill introduced in May that would cap class action damages under the Fair Credit Reporting Act and end punitive damages. U.S. Rep. Barry Loudermilk, R-Georgia, sponsored the bill. His office said numerous business advocates—including the U.S. Chamber of Commerce, Financial Services Roundtable, Consumer Data Industry Association and the American Bankers Association—support the legislation.
Equifax's potential liability under the Fair Credit Reporting Act will be tested in the lawsuits that are emerging around the country. A case in Atlanta federal district court, filed hours after Equifax alerted the public about the data breach, seeks statutory damages under the Fair Credit Reporting Act.
Equifax, according to the complaint, “acted willfully and recklessly because it knew or should have known about its legal obligations regarding data security and data breaches under the FCRA.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllEquifax Is Bashed for Forcing Arbitration on Consumers After Data Breach
12 minute readA Law Firm 'Cleverly' Used Ellipses to Fight a CFPB Investigation. But It Still Lost.
4 minute readIs the CEO Pay Disclosure Rule Still Alive? And: SEC Takes On 'Fake News'
4 minute readTrending Stories
- 1'Largest Retail Data Breach in History'? Hot Topic and Affiliated Brands Sued for Alleged Failure to Prevent Data Breach Linked to Snowflake Software
- 2Former President of New York State Bar, and the New York Bar Foundation, Dies As He Entered 70th Year as Attorney
- 3Legal Advocates in Uproar Upon Release of Footage Showing CO's Beat Black Inmate Before His Death
- 4Longtime Baker & Hostetler Partner, Former White House Counsel David Rivkin Dies at 68
- 5Court System Seeks Public Comment on E-Filing for Annual Report
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250