San Francisco became the first city to sue Equifax (EFX) over the data breach that potentially engulfed 143 million people in the U.S.
Continue Reading Below
San Francisco filed a lawsuit Tuesday alleging that Equifax failed to protect personal data connected to more than 15 million California residents. City Attorney Dennis Herrera hit Equifax over its “incompetence,” saying the company was “asleep at the switch and upended the lives of millions of people.”
The city is accusing Equifax of violating state laws governing business practices. The lawsuit, which was filed in San Francisco Superior Court, said Equifax failed to implement and maintain reasonable security practices and failed to provide timely notice of the cyber-attack.
San Francisco is seeking refunds for Californians who bought credit monitoring from Equifax before Sept. 7, when the company disclosed the hack. It also seeks civil penalties of $2,500 per violation and a court order forcing Equifax to secure consumers’ personal information.
Hackers exploited a vulnerability in open-source software to steal Social Security numbers, birthdays, addresses, driver’s license numbers and credit card numbers. The cyber-attack potentially puts millions of people at risk for identity theft.
- How Equifax, credit agencies, could benefit from the data breach
- Equifax CEO steps down following massive hack
- Equifax data breach could lead to monumental cyber hack, ex-con artist says
- Equifax breach: Why your tax return could be at risk
- Equifax data breach: How to protect yourself from identity theft
Former CEO Richard Smith, who abruptly retired Tuesday, is scheduled to appear before the Senate Banking Committee in October. Also, federal authorities are reportedly investigating whether three Equifax executives violated insider trading laws by selling nearly $1.8 million in shares after the company discovered the hack.