Millions of Americans who were potentially impacted by a massive data breach at credit monitoring firm Equifax may find themselves in another quandary, should they choose to take advantage of the company’s free identity theft services.
Equifax announced on Thursday that it had experienced a data breach affecting at least 143 million U.S. consumers. Credit card numbers for approximately 209,000 customers were also hacked.
In the aftermath, Equifax began advertising a free service for anyone that may have been affected, called TrustedID Premier. TrustedID Premier offers “a suite of security products to protect them from digital theft,” according to TechCrunch; anyone concerned that their information may have been leaked was instructed to enroll in the program this week by visiting a sub-site (www.equifaxsecurity2017.com) and entering their social security number and personal information.
(2/2) We apologize to our consumers and business customers for the concern and frustration this causes. Learn more: https://t.co/ivVHFb2xA4.
— Equifax Inc. (@Equifax) September 7, 2017
“Conveniently (for Equifax), those who sign up for TrustID might waive their right to any class-action lawsuit against the company, as stated at the bottom of TrustID’s terms of service,” explained TechCrunch’s Sarah Buhr.
“You should be aware that [this] also limits your rights to discovery and appeal,” the company notes.
A class-action lawsuit against Equifax is already underway in Oregon; the suit, filed on behalf of plaintiffs Mary McHill and Brook Reinhard by attorney Michael Fuller, requires the company to “preserve all records related to the breach” and establishes the case as a class-action suit “for all consumers affected by the cyberattack”, according to USA Today.
“In an attempt to increase profits, Equifax negligently failed to maintain adequate technological safeguards to protect Ms. McHill and Mr. Reinhard’s information from unauthorized access by hackers,” Fuller wrote. “Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach.”
Although the Equifax site’s general terms of service stipulates a similar arbitration clause, it does offer an opt-out provision. Those wishing to take advantage must notify the company in writing within 30 days of accepting any agreement on the site itself. It wasn’t immediately clear whether this same opt-out provision applied to customers utilizing the TrustedID Premier services.
Equifax spokespersons did not immediately respond to a request for comment.
On Friday, Sen. Elizabeth Warren (D-MA) weighed in on the arbitration clause.
“.@Equifax is forcing you to give up your right to join a class action against the company if you want their credit protection product,” she tweeted. “That’s right: @Equifax fails to protect your data and then they demand you give up legal rights if you want to limit the damage they caused. [The Consumer Financial Protection Bureau]’s new rule would stop companies like @Equifax from avoiding legal accountability like this — as long as @GOP doesn’t reverse it.”
Warren was referring to a CFPB rule that prevents banks and credit card companies from using forced arbitration clauses that prevent customers from taking legal action against them or filing class-action lawsuits. Republican senators like Arkansas Sen. Tom Cotton (R) have previously blasted the rule as “anti-business.”