Two Oregon residents are suing Equifax Inc. after the Atlanta company revealed Thursday a security breach of its massive consumer database that could affect more than 143 million people in the United States.
Mary McHill of Portland and Brook Reinhard of Eugene filed their lawsuit Thursday, Sept. 7, in U.S. District Court. They're seeking class-action status for the lawsuit to cover tens of thousands of people whose personal information may have been compromised by the breach.
No court date has been set for the case. A federal judge also has not yet granted class-action status to the complaint. It was the first lawsuit filed in the security breach case.
No damage amount was listed in the lawsuit. McHill and Reinhard are asking the court to determine "fair compensation" for the plaintiffs.
Equifax, which has not commented on the lawsuit, said Thursday that hackers "exploited a U.S. website application vulnerability to gain access to certain files," between mid-May and July. Equifax said it "found no evidence of unauthorized activity core consumer or commercial credit reporting databases."
The company said the information accessed by the hacker had consumer's names, Social Security numbers, birth dates, addresses and, in some case, driver's license numbers. Credit card numbers for about 209,000 U.S. consumers, and personal documents for about 182,000 consumers also were accessed in the breach, according to the company.
On Thursday, Equifax set up a website (www.equifaxsecurity2017.com/ ) to help people determine if their information was breached and what steps they can take to protect their identity.
A 'teachable moment'
Attorneys representing McHill and Reinhard claimed in the complaint that the breach showed that Equifax was negligent and that the company "failed to maintain adequate technological safeguards to protect Ms. McHill and Mr. Reinhard's information from unauthorized access by hackers."
"Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach," according to the complaint. "Equifax could have and should have substantially increased the amount of money it spent to protect against cyber-attacks but chose not to. Consumers like Ms. McHill and Mr. Reinhard should not have to bear the expense caused by Equifax's negligent failure to safeguard their credit and personal information from cyber-attackers."
Lawyers said that because of the breach, Reinhard had to spent $19.95 "to pay for third-party credit monitoring services he otherwise would not have had to pay for."
"Ms. McHill and Mr. Reinhard hope Equifax will use this massive data breach, and their subsequent lawsuit, as a teachable moment to finally adopt adequate safeguards to protect against this type of cyberattack in the future," according to the lawsuit.