Equifax Data Breach Triggers Lawsuit and Investigation | eWeek

Equifax Data Breach Fallout Continues as Lawsuits Are Filed

Equifax Breach
Sep 8, 2017
3 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

The impact of the breach at credit reporting and monitoring agency Equifax will likely be felt for months and years to come, as the full scope of the security incident is uncovered. Equifax publicly disclosed on Sept. 7 that attackers gained unauthorized access to it systems, exposing personally identifiable information on 143 million American consumers. The breach has also led to multiple legal actions, including at least one class-action lawsuit.

At this point in the investigation, Equifax has not publicly disclosed the root cause of the data breach. The only insight the company has provided is that the attackers were able to exploit a U.S. website application vulnerability to gain access to certain files.

While web application vulnerabilities can be found by internal corporate security teams, third-party security researchers are also capable of discovering flaws. There is a challenge, however, in that not all organizations make it easy for security researchers to responsibly disclose vulnerabilities.


“We looked at Equifax’s website and found no easy way for hackers to disclose anything,” HackerOne CEO Marten Mickos wrote in an email statement sent to eWEEK. HackerOne is in the business of running managed bug bounty programs for organizations.

Mickos noted that several Equifax bugs have been disclosed via the Open Bug Bounty, which is a nonprofit project designed to connect hackers with website owners to resolve bugs in a transparent and open manner. 

“One of [the bugs] was disclosed for their UK website and took nearly five months to resolve and the second is for the U.S. website, which has yet to be resolved,” he said.

It is unknown if the unresolved bug that was reported to the Open Bug Bounty is related to the Equifax breach.

Identity Theft Protection

As part of its breach response, Equifax is providing free identity and credit monitoring to impacted consumers via its own TrustedID service. However, on both Sept. 7 and 8, there were widespread reports that consumers were unable to access the identity protection enrollment site.

Aside from the likely high volume of traffic, the site (EquifaxSecurity2017.com) was temporarily blocked by Cisco’s OpenDNS web filtering service. In a Twitter post, OpenDNS founder David Ulevitch confirmed that the Equifax site initially triggered the criteria for identifying a site that is potentially malicious, including volume of traffic spiking from zero and the fact that it was a new domain.

For those who have been able to reach the identity protection enrollment site, there have been multiple reports of concerns about the legal terms of use. As part of the enrollment terms for TrustedID, consumers must waive their rights to sue Equifax or participate in any class-action lawsuit against Equifax.

At least one class-action lawsuit has already been filed against Equifax over the data breach incident.

“Plaintiffs file this complaint as a national class action on behalf of over 140 million consumers across the Country harmed by Equifax’s failure to adequately protect their credit and personal information,” the class-action suit filed in Oregon federal court on Sept. 7 states.

Investors

Equifax consumers aren’t the only ones taking legal action, as investors are also now looking at potential wrongdoing by the company as well. Multiple executive officers of Equifax allegedly sold Equifax stock days after the company first became aware of the breach on July 29. Corporate litigation firm Bronstein, Gewirtz & Grossman stated in a press release that it’s investigating whether there was a violation of U.S. securities law.

“The investigation concerns whether Equifax and certain of its officers and/or directors have violated Sections 10(b) and 20(a) of the Securities Exchange Act of 1934,” the company stated.

Following the Equifax data breach disclosure on Sept. 7, Equifax stock has declined by at least 13 percent as of 1 p.m. ET on Sept. 8.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.