ATLANTA — A team of lawyers has filed a class-action lawsuit against Equifax over the data breach that has compromised the personal information of more than 140 million U.S. consumers.

The lawsuit filed in U.S. District Court in Atlanta faults Equifax for “gargantuan failures to secure and safeguard consumers’ personally identifiable information … and for failing to provide timely, accurate and adequate notice” to consumers that such sensitive material had been stolen.

The lawsuit said plaintiffs Brian F. Spector of Florida and James McGonnigal of Maryland are each victims of the breach. McGonnigal alleges he has “recently had four credit accounts opened in his name without his authorization.”

The lawsuit joins another filed this past week in Oregon on behalf of a couple there, and others are expected. A committee of the U.S. House of Representatives has called for hearings, and the FBI reportedly is investigating the breach.

The Atlanta case calls Equifax reckless in its handling of consumers’ data, and also says the company did not disclose why there was more than a month’s delay in making the breach public. It cites the sale of stock by three executives days after Equifax learned of the breach, but weeks before the company alerted consumers to the theft.

Three executives – Chief Financial Officer John Gamble; Joseph Loughran, who heads Equifax’s U.S. information solutions business; and Rodolfo Ploder, who runs the company’s workforce solutions operation – sold nearly $1.8 million in stock in the days after Equifax discovered the cyberattack.

The sales were not part of a scheduled sale, and Equifax said the three executives “had no knowledge that an intrusion had occurred at the time.” But the company told its investors that it had “promptly” informed its board of directors of the incident.

The complaint contends the breach “was the inevitable result of Equifax’s inadequate approach to data security and the protection.”

The Atlanta lawsuit seeks statutory damages under the federal Fair Credit Reporting Act and state statues and other out-of-pocket losses and compensatory damages, as well as “more robust credit monitoring services with accompanying identity theft insurance. The plaintiffs also seek an order from the court requiring the company to improve its data security.


Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.