Equifax Clarifies Policy After Outcry Over Consumers' Legal Rights Following Hack

Carla Herreria
Equifax issued a statement Friday saying that victims of a recent massive security breach won’t have to waive their right to file a class action lawsuit against the company, after people noticed language buried in Equifax’s terms of service that barred customers from doing so.

Equifax issued a statement Friday saying that victims of a recent massive security breach won’t have to waive their right to file a class action lawsuit against the company, after people noticed language buried in Equifax’s terms of service that barred customers from doing so.

“We have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,” the company said in an update to its website.

Equifax announced Thursday that it had discovered in July it was the victim of a massive hack that exposed the personal information of an estimated 143 million Americans. Social Security numbers and credit card numbers were among the information exposed.

The company offered those affected by the hack a free one-year subscription to its credit-monitoring service TrustedID Premier. Those who opt to use Equifax’s free service will be charged after a year if they do not actively cancel their subscriptions.

Shortly after the announcement, people on social media pointed out the arbitration clause buried in the product’s terms of use, which bars customers from participating in any class action lawsuits against the company.

Equifax clarified its terms of use after New York Attorney General Eric Schneiderman on Friday called the language in question “unacceptable and unenforceable.”

Later Friday, Schneiderman said he was launching a formal investigation into Equifax’s security breach and encouraged all of Equifax’s customers to reach out to the company to see if they were affected.

So far, two class action lawsuits against Equifax have been proposed, alleging that the credit monitoring company was negligent in protecting its customers’ private information and should have spent more money protecting the data against cyberattacks. 

  • This article originally appeared on HuffPost.