San Francisco sues Equifax on behalf of 15 million Californians affected by the breach

Equifax is not only in deep for a class-action lawsuit over a breach exposing 143 million U.S. citizen’s Social Security numbers and a subpoena in New York, it’s now being sued by the city of San Francisco.

S.F. City Attorney Dennis Herrera filed the lawsuit against the credit reporting agency in San Francisco Superior Court for “failing to protect the personal data of more than 15 million Californians,” according to a statement.

The lawsuit further accuses Equifax of violating California state law, failure to provide a timely notice of the data breach to affected Californians and failure to provide complete, plain and clear information.

“Equifax’s incompetence would be comical if the subject matter weren’t so serious,” Herrera said in the statement. “This company fell asleep at the switch and upended the lives of millions of people. The information that Equifax failed to safeguard is what people need to open a bank account, buy a home or rent an apartment. Now Californians have been put at risk of identity theft for years to come.”

The suit seeks restitution for Californians who purchased credit monitoring services from Equifax before the breach was made public on September 7, 2017.

Equifax learned about a major data breach in its system sometime in March of this year, well before it made news of the breach public. The company finally released news of the breach earlier this month and then offered up a website for consumers to check if they were one of the 143 million affected by the hack.

However, the site seemed to randomize who was affected, creating confusion on who had been affected. Instead, it encouraged folks, whether they’d been told they were affected or not, to sign up for its paid product TrustID.

To tangle matters more, language in the Terms of Service (ToS) prevented those who signed up from suing the company. Equifax later came out with a statement that the ToS would not apply in the instance of this breach.

Obviously, many things went wrong during the breach disclosure and in the aftermath, and people are rightfully upset at the way Equifax has handled the situation.

Amidst the turmoil, Equifax’s CEO Richard Smith “retired” yesterday, following the company’s chief security officer and chief information officer also retiring, which all adds up to some pretty odd timing.