In September 2017, Equifax announced that it had been the victim of a criminal cyberattack on its systems. The attackers gained unauthorized access to the personal information of approximately 147 million U.S. consumers. This information included people’s names, Social Security numbers, birth dates, addresses, and in some instances driver’s license numbers, credit card numbers, or other personal information.
Numerous lawsuits were brought on behalf of consumers whose personal information was impacted as a result of the Data Breach. Chief Judge Thomas W. Thrash Jr. of the U.S. District Court for the Northern District of Georgia is overseeing these lawsuits. These lawsuits are known as In re: Equifax Inc. Customer Data Security Breach Litigation, Case No. 1:17-md-2800-TWT. The consumers who sued are called the “Plaintiffs.” Equifax, Inc., and two of its subsidiaries are the “Defendants.” Plaintiffs claim that Equifax did not adequately protect consumers’ personal information and that Equifax delayed in providing notice of the data breach. The most recent version of the lawsuit, which describes the specific legal claims alleged by the Plaintiffs, is available
here. Equifax denies any wrongdoing, and no court or other judicial entity has made any judgment or other determination of any wrongdoing.