EQUIFAX SECURITY BREACH
SETTLEMENT MAY COME CHEAP
Company could end up paying $1 per person affected by hack
Equifax Inc. could get away with paying a mere $1 person after failing to protect almost half of America's credit data.
While the 118-year-old credit-reporting firm has been hit with more than 100 consumer lawsuits over its massive security breach, legal experts say there's room for a deal because neither side has a slam-dunk case.
A global settlement of about $200 million is plausible, said Nathan Taylor, a cybersecurity lawyer with Morrison Foerster LLP in Washington. That's a projection based on the $115 million Anthem Inc. agreed to pay in June - setting a U.S. record - to resolve claims that it didn't protect a smaller number of people from a 2015 criminal hack that stole similarly sensitive information, Taylor said.
With lawyers collecting as much as a third of any payout, the company may end up spending an average of less than $1 per person for credit monitoring and out-of-pocket expenses for 143 million Equifax consumers whose data was compromised.
That's a good deal for the embattled credit reporting company as its exposure theoretically could amount to $143 billion under a federal law that carries damages of as much as $1,000 per violation, plus punitive damages.
Equifax faces additional uncertainty around suits and investigations by state attorneys general and the Federal Trade Commission, as well as claims by financial institutions, shareholders - and as of Tuesday - small business owners. On top of that, the Justice Department is said to have opened a criminal probe into whether top officials at the company violated insider trading laws when they sold stock before Equifax disclosed that it had been hacked.
Amid all the negative publicity, the company may relish a chance to put at least one legal headache behind it sooner rather than later. As of Tuesday, shares had fallen 30 percent since the hack was disclosed Sept. 7, and company officials now face calls to testify before Congress.
"It's a dirty little secret, but a lot of defendants, welcome these lawsuits," said Robert Schwartz, a lawyer with Irell & Manella LLP in Los Angeles.
"They will kick up some dust but, with a sensible settlement, the problem goes away. That is the end game."
For consumers - ore more precisely, their attorneys - a modest settlement would avoid the risk of winning nothing if no actual harm from the hack can be definitively traced back to the company.
with frequent high-profile hacks in recent years, it's virtually impossible to connect a specific instance of identity theft to a particular breach, according to Taylor of Morrison Foerster.
"If you want to buy my social security number on the Dark Web, you can probably get it from numerous sources," Taylor said in a phone interview.
Company could end up paying $1 per person affected by hack
Equifax Inc. could get away with paying a mere $1 person after failing to protect almost half of America's credit data.
While the 118-year-old credit-reporting firm has been hit with more than 100 consumer lawsuits over its massive security breach, legal experts say there's room for a deal because neither side has a slam-dunk case.
A global settlement of about $200 million is plausible, said Nathan Taylor, a cybersecurity lawyer with Morrison Foerster LLP in Washington. That's a projection based on the $115 million Anthem Inc. agreed to pay in June - setting a U.S. record - to resolve claims that it didn't protect a smaller number of people from a 2015 criminal hack that stole similarly sensitive information, Taylor said.
With lawyers collecting as much as a third of any payout, the company may end up spending an average of less than $1 per person for credit monitoring and out-of-pocket expenses for 143 million Equifax consumers whose data was compromised.
That's a good deal for the embattled credit reporting company as its exposure theoretically could amount to $143 billion under a federal law that carries damages of as much as $1,000 per violation, plus punitive damages.
Equifax faces additional uncertainty around suits and investigations by state attorneys general and the Federal Trade Commission, as well as claims by financial institutions, shareholders - and as of Tuesday - small business owners. On top of that, the Justice Department is said to have opened a criminal probe into whether top officials at the company violated insider trading laws when they sold stock before Equifax disclosed that it had been hacked.
Amid all the negative publicity, the company may relish a chance to put at least one legal headache behind it sooner rather than later. As of Tuesday, shares had fallen 30 percent since the hack was disclosed Sept. 7, and company officials now face calls to testify before Congress.
"It's a dirty little secret, but a lot of defendants, welcome these lawsuits," said Robert Schwartz, a lawyer with Irell & Manella LLP in Los Angeles.
"They will kick up some dust but, with a sensible settlement, the problem goes away. That is the end game."
For consumers - ore more precisely, their attorneys - a modest settlement would avoid the risk of winning nothing if no actual harm from the hack can be definitively traced back to the company.
with frequent high-profile hacks in recent years, it's virtually impossible to connect a specific instance of identity theft to a particular breach, according to Taylor of Morrison Foerster.
"If you want to buy my social security number on the Dark Web, you can probably get it from numerous sources," Taylor said in a phone interview.
Comments