Last week, the well known consumer credit reporting agency, Equifax, announced it was compromised by a massive cyber breach.
The cyber attack was carried out by criminal hackers from mid-May through July of this year.
The personal identifying information for over 143 million U.S. consumers was possibly compromised by the breach. It included names, birth dates, Social Security numbers, addresses, and driver’s license numbers.
Equifax has been hit with 23 proposed class-action lawsuits since news of the hack came out, and due to the amount of people affected by the breach, additional cases are likely.
Senators, Orrin Hatch of Utah and Ron Wyden of Oregon, sent a list of detailed questions about the breach yesterday. Both men are a member of the Senate Committee on Finance.
The panel wants to know a detailed timeline of the breach, and the steps Equifax has taken to reduce consumer harm.
The amount of class-action lawsuits signal the high legal stakes over the potential personal data information exposed.
Equifax has acknowledged that it expects costs due to the cyber attack. Since the attack, Equifax shares have plunged over 13%.
Equifax discovered the attack in late July, but only publicly announced the intrusion last week. They were previously working with an independent cyber security firm to conduct a forensic assessment.
Legal complains against Equifax include alleged security negligence, delay in alerting the public, and concerns about the free credit monitoring service Equifax offers.
One California federal court lawsuit alleges that, “Equifax failed to disclose to consumers that it owned TrustedID, and its long-term business model turns on baiting consumers into signing up for its services. In other words, Equifax sought to turn its failure to protect consumers’ sensitive data into a clandestine money-making opportunity.”