Burt Langley PC (Asheville, North Carolina) and Branstetter, Stranch & Jennings, PLLC (Nashville, Tennessee) have filed a class action lawsuit on behalf of Terra Weaver, David Le and similarly situated individuals affected by the Equifax data breach that was disclosed on Sept. 7, 2017.
The suit was filed Wednesday, Sept. 27, 2017, in the United States District Court for the Western District of North Carolina in Asheville.
Earlier this month, Equifax, one of the nation’s largest credit reporting agencies, announced it was the victim of a large cyberattack that exposed potentially 143 million Americans’ sensitive private and financial information. Since then, Equifax has also disclosed that the cyber vulnerability exploited by hackers was related to Apache Struts, an open-source software program that is used throughout the corporate world to power front- and back-end web applications, including Equifax’s public website. According to the lawsuit, the Apache Software Foundation, proprietors of the Apache Struts software, had identified a vulnerability in its application in March and promptly issued a patch that would mitigate the vulnerability to cyberattackers.
The lawsuit further alleges that:
- Despite it being widely available, Equifax failed to incorporate the security patch into its website software, leading to a known vulnerability on Equifax’s servers that allowed cyberattackers to exploit the vulnerability for several weeks;
- Equifax’s actions were negligent, allowed hackers to gain access to sensitive customer information, and also violated federal law;
- Although Equifax knew of the vulnerability in July, it waited until September to disclose the data breach, despite many state statutes, including one in North Carolina that requires prompt disclosure to affected individuals of known data breaches; and
- Equifax’s failure to alert affected individuals in a timely manner was a violation of North Carolina and Georgia state laws.
The lawsuit demands judgment against Equifax for damages resulting from the data breach and seeks injunctive relief requiring the company to improve its data security methods.
“Equifax’s conduct appears particularly egregious as it held sensitive information on millions of Americans and apparently failed to have even the most basic data security measures in place to guard against the theft of that material,” says Katherine Langley, co-founder of Burt Langley PC. “This conduct has caused — and will continue to cause — great harm to millions of people, and we look forward to having our opportunity to use the court system to right this wrong perpetrated by Equifax allowing cybercriminals to gain access to its data systems.”
Similar class action lawsuits have been filed across the country since Equifax disclosed the data breach earlier this month. A federal judicial panel will soon decide whether to consolidate all of these actions within a single venue.