Fallout from Equifax data breach likely to be far-reaching

Photo (c) zimmytws - Fotolia

The incident will likely push binding arbitration clauses onto the front burner

If you are among the 143 million consumers with compromised data due to the massive Equifax breach, you might have spent the weekend making sure your identity had not been stolen.

It might have also dawned on you that you'll probably have to maintain that vigilance for the rest of your life. Once that information is out there, there is no way to get it back.

Hours after Equifax announced details of the breach, there was also a sudden focus on binding arbitration clauses. That's because the terms of service for the package of protections Equifax is offering affected consumers at no charge specifically bars customers from participating in class-action lawsuits.

But Equifax says the terms of service for the product it sells do not apply to the product it is providing affected consumers.

Waiver not required in this case

“In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,” Equifax said in a statement.

So accepting Equifax's offer of free TrustedID Premier for a year will not require you to waive your right to sue. But when speculation was rife that it would be a requirement, opponents of arbitration clauses seized upon the incident to pressure Congress not to pass legislation that takes away a consumers' right to sue.

The Consumer Financial Protection Bureau (CFPB) has finalized a rule that strikes down arbitration clauses in many consumer contracts, but Republicans in Congress have advanced legislation to overturn that. Some arbitration opponents now believe lawmakers will have a much harder time rolling back the CFPB's arbitration rule.

States respond

Attorneys general in several states have launched investigations into the Equifax data breach, including whether the company acted promptly in disclosing the incident. Equifax said it discovered the breach of its systems in late July and announced it to the public on September 7.

“My office intends to get to the bottom of how and why this massive hack occurred,” said New York Attorney General Eric Schneiderman.

New York law requires businesses with New York customers to inform those customers, and the attorney general, about data breaches. Schneiderman said his office will investigate to see if Equifax had adequate safeguards in place.

Illinois Attorney General Lisa Madigan has also launched an investigation into the data breach. Madigan said Equifax should suspend its fee for placing a credit freeze on affected consumers' accounts in light of the significant risk of identity theft posted by the breach. Equifax is allowed to charge Illinois residents up to $10 to implement a credit freeze, remove a freeze, or temporarily thaw a credit freeze.

Other states may also join the probe, with the result being additional pressure on credit reporting agencies, as well as other enterprises holding sensitive consumer data, to keep that information more secure.

Take an Identity Theft Quiz. Get matched with an Authorized Partner.