Equifax Settles Data Breach Lawsuit


On July 22, 2019, Equifax, one of the nation’s three large credit reporting agencies, settled a lawsuit brought by the Federal Trade Commission (“FTC”), the Consumer Financial Protection Bureau (“CFPB”), and 50 U.S. states and territories.  The lawsuit alleged that Equifax’s failure to take reasonable steps to secure its network—which contained sensitive personal financial information (including social security numbers)—led to a 2017 data breach that impacted 147 million people.  Notably, Equifax failed to encrypt its data, instead storing sensitive consumer information in plain text, while misleadingly assuring customers that it had physical, technical, and procedural safeguards to protect this data.  The lawsuit specifically alleged that, as a result of these acts, Equifax violated the FTC Act’s prohibition against deceptive and unfair practices and the Gramm-Leach-Bliley Act’s Safeguards Rule.  

The $575 million settlement (which could potentially reach $700 million) requires the company to pay $300 million to a fund that will provide consumers with free credit monitoring services for at least 10 years or a $125 cash payment, and to pay civil penalties of $175 million to the U.S. States and territories and $100 million to the CFPB.  While the settlement did not force Equifax to admit fault, it does additionally require Equifax to:

  • Designate an employee to oversee the information security program;
  • Conduct annual assessments of internal and external security risks and implement safeguards to address potential risks;
  • Obtain annual certifications from the Equifax board of directors or relevant subcommittee attesting that the company has complied with the order, including its information security requirements;
  • Test and monitor the effectiveness of the security safeguards; and
  • Ensure service providers that access personal information stored by Equifax also implement adequate safeguards to protect such data.

About Faruqi & Faruqi, LLP

Faruqi & Faruqi, LLP focuses on complex civil litigation, including securities, antitrust, wage and hour, personal injury and consumer class actions as well as shareholder derivative and merger and transactional litigation. The firm is headquartered in New York, and maintains offices in California, Delaware, Georgia and Pennsylvania.

Since its founding in 1995, Faruqi & Faruqi, LLP has served as lead or co-lead counsel in numerous high-profile cases which ultimately provided significant recoveries to investors, direct purchasers, consumers and employees.

To schedule a free consultation with our attorneys and to learn more about your legal rights, call our offices today at (877) 247-4292 or (212) 983-9330.

About Dillon Hagius

Dillon Hagius's practice is focused on securities litigation. Dillon is an associate in the firm's New York office.

Tags: faruqi & faruqi, FTC, 10b-5, CFPB, faruqilaw, Data Breach, Equifax, GLBA Dillon Hagius Dillon Hagius
Associate at Faruqi & Faruqi, LLP

New York office
Tel: (212) 983-9330
Fax: (212) 983-9331
E-mail: dhagius@faruqilaw.com

Finding us

Our Offices

Our offices are nationwide. If you have any questions about a case or our firm, please contact us.

New York

685 Third Avenue 26th Floor
New York, New York 10017
(212) 983-9330
(877) 247-4292
(212) 983-9331


10866 Wilshire Boulevard Suite 1470
Los Angeles, California 90024
(424) 256-2884
(424) 256-2885


3828 Kennett Pike Suite 201
Wilmington, Delaware 19807
(302) 482-3182
(302) 482-3612


3975 Roswell Rd Suite A
Atlanta, Georgia 30342
(404) 847-0617
(404) 506-9534


1617 JFK Boulevard, Suite 1550
Philadelphia, Pennsylvania 19103
(215) 277-5770
(215) 277-5771

Faruqi & Faruqi office in New York, New York

Faruqi & Faruqi office in Los Angeles, California

Faruqi & Faruqi office in Wilmington, Delaware

Faruqi & Faruqi office in Atlanta, Georgia

Faruqi & Faruqi office in Philadelphia, Pennsylvania