OK, so the Equifax breach is a big deal. A BIG deal. Nearly half of Americans are affected. Their information (and possibly yours and mine) has been accessed by some entity who is probably up to no good. There’s been hemming and hawing and biting of fingernails, but, other than a fairly precipitous fall in Equifax’ stock price, it’s unclear what penalties Equifax may suffer resulting from its potential mishandling of all of our financial data.
What potential penalties are in the pipeline?
- Class Action lawsuits – generally these turn my stomach. I always tend to picture a bunch of too tanned lawyers drinking tropical cocktails in the Caribbean comparing the numbers of persons who have joined their class action the way some overconfident men compare shoe sizes. I know this is likely unfair. However, like many Americans, I worry that we are an overly-litigious society. There’s another reason I don’t think much of class actions. The companies at fault never seem to learn much. We’ve all received checks in the mail because this bank or this auto manufacturer did something wrong and is making it up to me by sending me a check for $19.47. Whoa, let me pay off the mortgage! Was the problem solved? You tell me. How many of you have received a second check from the same entity a few years later for another infraction?
- Government investigations. Several state Attorneys General and government agencies have indicated that they will be investigating the breach and the responses of Equifax, its Board, and “C” suite. These will likely be lengthy goings on and unlikely to result in any near-term change in Equifax’ data security policies and practices. With any luck, necessary policy and practice changes will result from the recommendations of the “independent cybersecurity firm” that Equifax has engaged. Hopefully, these will occur earlier than any government orders or settlements could provide.