City Attorney Dennis Herrera has filed suit against the absurdly incompetent credit-monitoring firm Equifax, which royally fucked up at the one thing it’s supposed to do, by letting an enormous data breach go unaddressed for months, enabling hackers to ruin the persona financial lives of up to 143 million Americans. More than 15 million Californians could be affected, the lawsuit says.
The breach occurred during a period lasting from May 13 to July 30. Equifax discovered it on July 29, but only disclosed what it had learned on Sept. 7, six weeks later. The New York Times reported today that Equifax CEO Richard Smith, a 22-year veteran of the company, joined other executives by resigning in disgrace. It is our hope that he is found guilty of 143 million counts of criminal negligence and condemned to a thousand consecutive lifetimes of drudgery on a frigid penal asteroid.
Incredibly, however, instead of being banished to limbo, Smith will continue to serve the company as a consultant for the next 90 days. Even after overseeing what is potentially the biggest financial cataclysm, these sociopaths still find a way to stay on top.
San Francisco is the first city to sue the indefensibly incompetent Equifax, which, along with Experian and TransUnion, constitute a troika of largely unaccountable guardians of your credit report — and, with it, your ability to rent an apartment, get a mortgage loan, or even hold a job.
“Equifax’s incompetence would be comical if the subject matter weren’t so serious,” Herrera said in a statement accompanying the announcement of the suit. “This company fell asleep at the switch and upended the lives of millions of people. The information that Equifax failed to safeguard is what people need to open a bank account, buy a home or rent an apartment. Now Californians have been put at risk of identity theft for years to come.”
Hopefully, Equifax will be clobbered by so many lawsuits that the company’s assets shrivel up and blow away like the lives of so many Americans who’ve been maliciously abused by large, predatory financial firms since the 2008 recession.
S.F.’s complaint lists three main criteria: a failure to implement and maintain reasonable security procedures and practices, a failure to provide timely notice of the data breach to affected California consumers — which is to say, executives knew what happened, sat on the information for weeks, and, in a few cases, dumped shares they held in their own company, hoping to profit off 143 million people’s night terrors and misery — and lastly, a failure to provide complete and clear information when those executives finally got around to disclosing the inconceivably stupid of virtually every working American adult’s personal financial information.
Furthermore, this was an easily preventable catastrophe. As the statement elaborates (emphasis ours):
However, it uses an open-source software called Apache Struts on its website. Equifax didn’t install a freely available “patch” to fix a vulnerability with the software after that security problem was detected and publicly announced on March 7, 2017 by various organizations. Equifax could have prevented the data breach by implementing the free patches and fixes provided by the Apache Software Foundation in March 2017.
This suit is important, because it’s not as if you can write a Yelp review of Equifax and bring them down by complaining about shitty service. (Not that people aren’t trying.) By design, these firms are insulated from public input and accountability, something which undoubtedly led to a culture of callous hubris.
Herrera’s suit notes that Equifax could be liable for penalties of up to $2,500 per violation. Also, it will be exciting to see what Sen. Elizabeth Warren says when she grills the executives next week. Senator, we beg of you, go in for the kill and do not stop until you’re knee-deep in blood and viscera.