The recent data breach involving Equifax is reported to be one of the largest security breaches ever as it affects as many as 143 million people in the US.
Equifax is a nationwide credit reporting agency that receives very sensitive customer information from banks, retailers, lenders, and credit card companies. Equifax is one of the three main credit reporting agencies in the US, the other two being Experian and TransUnion. An investigation into who is behind the breach is ongoing, but several states attorneys general have pledged to launch investigations in addition to the Consumer Financial Protection Bureau.
Despite discovering the breach on July 29, 2017, Equifax did not inform the public until September 7, 2017. In response to the breach, Equifax is providing one year of free service through its TrustedID Premier business, a program designed to provide credit file monitoring and identity theft protection.
The catch is that after signing up for the year of free identity theft protection, customers were forced to agree to an arbitration clause and to waive their right to enter into a class action lawsuit – meaning that clients would be unable to join a class-action, benefit from a class action settlement, and sue on their own behalf. After public pressure, Equifax added an opt-out provision, allowing customers to notify the company of their desire to opt-out of the arbitration agreement in writing within 30 days of signing up for the Trusted ID Premier program. After additional criticism, the company later issued a statement that the arbitration language that appears on its website will not apply to this “cybersecurity incident.”
Importantly, the program supported by Equifax will not help customers fix any issues that happened as a result of the hack. The service provided to customers will only include the monitoring of their credit and the scanning of the internet for your social security number. Equifax has put together a guide of what customers can do to protect themselves, which includes obtaining a free credit report, freezing your credit, and/or setting a fraud alert.
New rules published by the Consumer Financial Protection Bureau, set to take effect in March 2018, protect consumers against such arbitration requirements by credit card issuers, bank, and credit rating companies. However, some members of Congress are pushing to roll back the effective date of the new rules. One can hope that the Equifax breach will show lawmakers how important these new rules are and how they can help to protect consumers.
These types of provisions are common in many different kinds of contracts. It is always a good idea to have an attorney look over a contractually binding agreement before you sign to make sure you aren’t unknowingly signing away important legal rights. To schedule a consultation and have a contract reviewed, call Levine-Piro Law, P.C. at 978-637-2048 or e-mail us at office@levinepirolaw.com.
