Serving the Big Horn Basin for over 100 years

Equifax sued for violating Wyoming Consumer Protection Act

CHEYENNE — The Wyoming Attorney General’s office filed suit last week against Equifax Inc. for allegedly violating the Wyoming Consumer Protection Act.

The lawsuit filed in Laramie County District Court alleges Equifax partook in unfair and deceptive trade practices in connection with “consumer transactions prohibited by the Wyoming Consumer Protection Act.”

The case comes as Equifax reached a settlement with the Federal Trade Commission and the Consumer Financial Protection Bureau in connection with its 2017 data breach that compromised the information of 147 million people, according to the New York Times. The lawsuit was settled for up to $700 million, and people can fill out a claim form on Equifax’s website to collect damages, if they are eligible.

According to court documents filed here July 22:

Equifax is a credit reporting company based out of Georgia. It was founded in 1899, and is the oldest and largest consumer credit reporting agency. The company analyzes personal information from more than 820 million consumers and 91 million businesses globally.

On March 8, 2017, Equifax was notified by the open-source software company Apache Struts, which the company used to operate its website, that there was an error in the software that made the website vulnerable to hackers. Apache Struts provided a patch for its software that would fix the vulnerability, which Equifax failed to apply.

On Sept. 8, 2017, Equifax announced that its network security infrastructure had been breached, and people’s information was compromised. The breach was a result of Equifax failing to fix the Apache Struts software.

Once the hackers were able to get inside of Equifax’s network, they also were able to take advantage of other network security failures in the company’s system and steal more consumer information.

A total of 243,504 of the 147 million people affected by the breach are Wyoming residents. The consumer information compromised includes Social Security numbers, birth dates, addresses, driver’s license numbers, credit card numbers and credit dispute documents.

The breach caused substantial harm to consumers by exposing personal data that increases the risk of identity theft. The harm included economic and non-economic damages, such as products people have purchased to protect their identities, as well as services such as credit freezes, credit monitoring and more.

People affected by the breach have also lost wages through the steps they needed to take to protect their identities, or, in other cases, where money was stolen due to identify theft from the breach. This also includes wages lost in the process to restore stolen identities.

The suit claims Equifax failed to take the steps necessary to protect consumer information by not utilizing the available software patch after it was notified of the vulnerability.

Nowadays, people don’t choose to have their information compiled by Equifax, but anyone who has had a financial transaction in the past few decades – apartment rental, home loans, car purchases, credit cards accounts and more – have likely had an Equifax credit report.

Due to this, it’s not possible to avoid having Equifax compile sensitive personal information.

As a result, according to the attorney general, Equifax violated the Wyoming Consumer Protection Act by making false and misleading statements to consumers regarding its data protection, failed to adequately inform consumers regarding data protection practices and failed to take reasonable steps to protect consumer information.

The suit is asking for $10,000 in civil penalties for each violation of the act and enhanced civil penalties of $15,000 for each violation of the act pertaining to older people or people with disabilities.

It is also asking for actual damages or money restoration for all affected people at trial and any other judgement the court deems fit.