West Virginia joined an array of plaintiffs seeking damages from hacked credit bureau Equifax, arguing that it failed to protect the identities of roughly half the state’s residents, leaving them at heightened risk of fraud for the rest of their lives.
The Atlanta-based company’s behavior “constitutes a shocking betrayal of public trust and an egregious violation of West Virginia consumer protection and data privacy laws,” Attorney General Patrick Morrisey said in a statement.
Morrisey is at least the second state attorney general to file a civil suit against the company, which disclosed in September 2017 that hackers had obtained personal identification data for more than 140 million people from its servers, including birth dates, Social Security numbers and driver’s license numbers.
Massachusetts Attorney General Maura Healey filed a lawsuit in that state last fall, and a separate class-action case in federal court in Atlanta seeks damages for people in all 50 states and the District of Columbia.
Under a barrage of criticism for not safeguarding what Congress members called a digital Fort Knox, not alerting consumers to what had happened for months and an initially clumsy response to their queries, CEO Richard Smith stepped down last fall as the company’s stock slid and numerous government agencies began investigations.
In West Virginia’s case, Morrisey claims that Equifax not only failed to take appropriate safeguards but misled consumers into believing that it had done so, both violations of state law. Equifax’s initial offer of lifetime credit monitoring also deceived consumers with a provision requiring that they agree to settle any disputes with the company through private arbitration rather than in court, the state claimed in its suit.
Equifax faced widespread initial criticism for the provision, which it has said was unintentionally included in the offer. U.S. Sen. Elizabeth Warren, a Massachusetts Democrat, has since called for Congress to set strict cybersecurity standards for Equifax as well as rivals Experian and TransUnion, which charge lenders for extensive credit histories used in considering consumer loan applications.
Late last month, Equifax appointed General Electric veteran Mark Begor, 59, as CEO, tasking him with restoring the firm’s tarnished reputation. Just weeks earlier, one of the firm’s former executives was indicted on a charge of insider trading when federal investigators said he sold nearly $1 million of his Equifax stock after learning of the breach before it was made public.
Begor will be paid $1.5 million a year with the opportunity for a cash bonus of twice as much, according to a regulatory filing. He’s also receiving stock awards valued at as much as $17 million, subject to time and performance limits, though the board has a clawback option covering oversight failures that cause harm to the company’s finances or reputation.
