Equifax, the massive credit reporting company that announced Thursday it was hacked, is offering assistance to consumers who may have had their data leaked. But deep in the fine print of its terms and conditions contract, it states that receiving help from the company may in turn legally waive their right to a lawsuit.
Here is a portion of the legalese:
AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.
The company even outlined how customers could be giving up their right to sue within the website it set up for the sole purpose of helping people discern if their data was stolen.
The stipulation reads, according to Zach Whittaker, security editor at ZDNet:
By consenting to submit Your Claims to arbitration, You will be forfeiting Your right to bring or participate in any class action (whether as a named plaintiff or a class member) or to share in any class action awards, including class claims where a class has not yet been certified, even if the facts and circumstances upon which the Claims are based already occurred or existed.
Arbitration clauses aren’t uncommon. But, according to Consumer Financial Protection Bureau, Equifax’s arbitration clause is “troubling,” in that it “could remove this clause so that consumers can receive this service without condition,” reports The Washington Post.
New York Attorney General Eric Schneiderman had even more harsh words than “troubling.”
“This language is unacceptable and unenforceable,” Schneidermen said while retweeting Whittaker’s post. “My staff has already contacted @Equifax to demand that they remove it.”
Schneiderman later tweeted that his office corresponded with Equifax, which purportedly claimed that its class action waiver policy will not apply to the cybersecurity incident. It’s unclear whether Equifax will honor that promise not to employ all of its enumerated legal stipulations.
Equifax disclosed the hack Thursday after detecting the virtual infiltration July 29. The breach and leaks reportedly occurred for roughly two months before Equifax was able to discover it. The company says up to 143 million customers in the U.S. alone could have been affected, with an undisclosed amount of people in Canada and U.K. also involved.
Three high-ranking executives including the CFO sold nearly $1.8 million worth of stock just days after the company detected a large-scale data breach, according to Bloomberg.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” chairman and CEO Richard F. Smith said in a press release. “I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”
The apology, though, appears to just be in relation to the fact that its consumers’ data was leaked, and doesn’t address the delayed discovery or the executives suspiciously-timed shares sales.
“The stock sale certainly raises questions,” Dimitri Sirota, co-founder and CEO of BigID, an identity data protection software company, told The Daily Caller News Foundation. “Most US states have breach reporting requirements which means that at least the general counsel or the executive leadership would have to be informed and aware.” (RELATED: Everything Online Is Connected, Now There’s A Growing Need For Cyber Insurance)
Morey Haber, the vice president of technology at BeyondTrust, an American company that offers cybersecurity services, among others, says many questions remain.
“I hope they [facts] come to light soon,” Haber told TheDCNF, “and as with any larger breach involving payment and card data, it remains to be seen what monetary and punitive damages Equifax will face from the PCI council.”
Along with his demands to undo its arbitration clause, Schneiderman also said Friday he is launching a larger investigation into incident, according to CNBC. Congress will also look into the incident and the underlying circumstances, Reuters reports, by holding a committee hearing,
Send tips to [email protected].
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact [email protected].