Equifax Says Dismiss Small Businesses From Data Breach Class Action

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

On Monday, Equifax Inc. asked a Georgia federal judge to dismiss claims brought by 10 small businesses in a massive data breach class action lawsuit because businesses cannot bring claims based on the alleged injuries of the business owners.

Equifax says that the businesses do not claim that their own confidential business information was compromised in the 2017 cyberattack on Equifax.

“Rather, in trying out a new legal theory that has never been advanced–much less accepted–in data breach litigation, the Business Plaintiffs assert claims based on the theft of their owners’ personally identifying information (‘PII’),” Equifax argues.

“The crux of the Business Plaintiffs’ Complaint is that their owners’ PII was compromised in the Equifax data breach, and that the Business Plaintiffs could be harmed because they rely on the creditworthiness of their owners to obtain business credit.”

Equifax says that the businesses’ arguments fail because they allege wrongful conduct by Equifax on behalf of their owners, whose claims are currently being litigated in a consolidated consumer class action lawsuit.

The businesses also fail to allege any injury that they have suffered due to the Equifax data breach, Equifax argues. They claim that they suffered economic harm because they had to pay for credit monitoring services, but Equifax says that claim is “far too speculative and attenuated to support standing.”

Further, the businesses fail to adequately suggest that their alleged injuries were caused by the Equifax data breach, according to Equifax.

“Data breaches today are unfortunately commonplace–there were more than 1,500 breaches in 2017 alone–and no Business Plaintiff pleads that their owners’ PII was not stolen in any prior breach,” Equifax argues.

The Equifax data breach was announced in September 2017 when Equifax acknowledged that PII including names, birth dates, Social Security numbers, driver’s license numbers, address history and other sensitive financial data had been accessed by unauthorized parties from May to June 2017.

The sensitive personal information of more than 143 million Americans was reportedly exposed during the Equifax data breach.

The credit reporting agency was subsequently hit with more than 50 lawsuits. In November 2017, a nationwide Equifax data breach class action lawsuit was filed.

In December, the Equifax data breach class action lawsuits were consolidated in Georgia federal court under the title In re: Equifax Inc. Customer Data Security Breach Litigation.

The judge separated the allegations into two separate tracks: one for consumer-related claims and the other for claims from financial institutions. Small business claims are included in the consumer track.

The consumer plaintiffs are represented by DiCello Levitt & Casey LLC, Doffermyre Shields Canfield & Knowles LLC, Stueve Siegel Hanson LLP, Barnes Law Group LLC, Evangelista Worley LLC, Griffin & Strong PC, Cohen Milstein Sellers & Toll PLLC, Girard Gibbs LLP, Hausfeld LLP, Milberg Tadler Phillips Grossman LLP, Morgan & Morgan Complex Litigation Group, Murphy Falcon & Murphy and The Doss Firm LLC.

The Equifax Data Breach Class Action Lawsuit is In re: Equifax Inc. Customer Data Security Breach Litigation, Case No. 1:17-md-02800, in the U.S. District Court for the Northern District of Georgia.