The Independent Community Bankers of America (“ICBA”) filed a class-action lawsuit against Equifax in connection with its recent cybersecurity breach. The breach exposed the private information (including the names, Social Security numbers and dates of birth) of over 145 million consumers. The Complaint was filed in the U.S. District Court for the Northern District of Georgia. ICBA alleged that Equifax failed to take appropriate steps to safeguard customer data.
ICBA claimed that the breach resulted from Equifax’ failure to implement effective cybersecurity and data protection measures. This failure, ICBA alleged, was evidenced by the fact that the breach was not detected for more than two months, in spite of red flags that should have alerted Equifax. By failing to protect customer data, ICBA said, Equifax caused significant financial damage to ICBA members that were forced to cancel and replace customer payment cards, cover fraudulent purchases, and take other measures to mitigate fraudulent activity facilitated by data accessed through the breach.
ICBA alleged that Equifax had a duty to protect the customer information received from ICBA members. ICBA also asserted that the breach occurred due to the active mismanagement of consumer data and failure to act appropriately in response to numerous warnings concerning a vulnerability in software used by Equifax. ICBA claims that Equifax violated federal security requirements, Federal Trade Commission requirements and industry standards. ICBA stated that its members have and will continue to experience substantial financial harm resulting from not only the direct effects of the breach – such as replacing payment cards and bearing losses for fraudulent charges – but also the “chilling effect this breach will have on consumers.” ICBA also pointed to potential regulatory reporting difficulties for its members.
ICBA is seeking relief in the form of a monetary judgment in addition to enhanced cybersecurity compliance requirements for Equifax.