We reported yesterday that Equifax changed its terms of use ahead of disclosing the largest leak of personal data in history. The updated terms of service made sure that users opting to enroll in the credit check program to see if they were affected by the data exposure incident were waiving their right to participate in a class action lawsuit. As reported earlier, the company is already facing a multi-billion dollar class action lawsuit.
In response to these changes to terms of use, New York Attorney General Eric Schneiderman and the Consumer Financial Protection Bureau (CFPB) called Equifax’s arbitration clauses troubling. "This language is unacceptable and unenforceable," Schneiderman had tweeted. "My staff has already contacted @Equifax to demand that they remove it."
Both Schneiderman's office and Illinois attorney general announced formal investigations into the Equifax breach that leaked data of over 143 million Americans, including their Social Security Numbers, addresses, birth dates, driver's license numbers, and credit card details in some cases.
Equifax says the arbitration clause won't apply to this data breach
Following the major outcry on social media against the company that first failed to protect its consumers and then engaged in unethical practices, Equifax has now come around. In a statement released late Friday, the company explicitly says that the arbitration clauses do not apply to this particular cybersecurity incident.
"In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident."
While Equifax may have responded to arbitration concerns, it is unlikely if the company will be taken positively by any consumer rights group. Not only did it fail to protect sensitive consumer data, it also took Equifax over five weeks to report the incident after discovering it. Later on, a username for administering the site was seen on the www.equifaxsecurity2017.com cybersecurity response site, followed by the main website displaying debug codes. This amateur response to consumers only adds to the injury of operating a website that made it easy for criminals to steal data of nearly half of the population of the country.
If that wasn't enough, between the company learning about the hack and it reporting the incident to the public, at least three Equifax executives sold more than $1.8 million worth of stock. Equifax officials continue to say that the executives (including a CFO) hadn't been informed.
