The Judicial Panel on Multidistrict Litigation will decide on Nov. 30 whether to create a new MDL docket for the dozens of class action lawsuits filed against Equifax for allowing a massive data breach September 7, 2017.
Equifax joined plaintiffs in requesting the new MDL. The breach compromised the names, social security numbers, birth dates and credit card information of 143 million people. This information can be used to steal a person's identity and commit fraud.
"The No. 1 crime in America is identity theft. It has surpassed drug trafficking," said Micah Adkins of The Adkins Firm, speaking at the recent Mass Torts Made Perfect conference. "You're much more likely to be a victim of identity theft than an auto accident."
More than 100 consumer lawsuits charge that the company violated the Fair Credit Reporting Act (FCRA), which requires Equifax to "maintain reasonable procedures" to avoid identity theft. It allows for individual statutory damages of up to $1,000 per person, punitive damages, attorney fees and costs.
A global settlement of about $200 million is plausible, attorney Nathan Taylor told the Insurance Journal, based on the $115 million that Anthem Inc. health insurance company agreed to pay in June 2017 over hacking in 2015 that compromised about 79 million people’s personal information.
The motion was filed by Norman Siegel of Stueve, Siegal Hanson LLP of Kansas City, MO, John A. Yanchunis of Morgan & Morgan of Tampa, FL and Roy E. Barnes of The Barnes Law Group LLC of Marietta, GA.
They seek to consolidate 22 cases and any tag-along cases filed in US District Court in Georgia. Equifax is headquartered in Atlanta. Among the federal judges recommended by the motion are:
Equifax has a history of data breaches, including its W-2 Express website, which suffered an attack in May 2016 that resulted in the leak of 430,000 names, addresses, social security numbers and other personal information of retail firm Kroger.
Equifax reported to the New Hampshire attorney general of a breach that between April 2013 and January 2014, an "IP address operator was able to obtain the credit reports using sufficient personal information to meet Equifax's identity verification process."