As Equifax consumers attempt to check whether they are among the 143 million individuals whose information has been compromised in a massive cyber-attack, the consumer credit reporting agency has included a clause on its TrustedID portal that could disqualify victims from joining a class-action suit.
In response to the hack, Equifax has established a website allowing individuals to check whether their personal information has been impacted. However, by using the portal and joining TrustedID, it appears from the terms of service that people are implicitly agreeing to a clause that bars them from taking part in any class action against the company: “Please read this entire section carefully because it affects your legal rights by requiring arbitration of disputes (except as set forth below) and a waiver of the ability to bring or participate in a class action, class arbitration, or other representative action. Arbitration provides a quick and cost effective mechanism for resolving disputes, but you should be aware that it also limits your rights to discovery and appeal.” The caveat was first reported by TechCrunch.
On Friday, Equifax updated its terms of service allowing consumers to opt out of this arbitration clause, but that requires them to “notify Equifax in writing within 30 days of the date that you first accept this agreement on the site,” according to The Washington Post.
One of the attorneys involved with a proposed class-action lawsuit filed on Thursday evening warned customers about using the portal.
“Equifax has placed a stealth arbitration clause, which waives the victim’s right to sue,” Ben Meiselas, attorney with Geragos & Geragos, told FOX Business on Friday. “By checking the Equifax site if you are a victim and entering your information binds a consumer to a complex arbitration scheme.”
Another problem with using the TrustedID program is that it is operated by Equifax, so consumers are once again giving sensitive information to the company.
Equifax did not return FOX Business’ request for comment at the time of publication.
Geragos & Geragos along with OlsenDaines filed a proposed class-action suit Thursday evening on behalf of two plaintiffs whose information was stored by Equifax and hacked by an unauthorized third party. The complaint alleges Equifax was negligent in failing to provide adequate technological safeguards to protect consumer information and that it should have spent more to prevent cyber-attacks, but chose not to.
Meiselas said the class-action suit against Equifax could be one of the largest “in U.S. history.” The firm is seeking up to $70 billion in damages as a result of two years’ worth of identity theft for victims, Meiselas told FOX Business. He also voiced concerns about the three executives who sold stock after the company became aware of the breach on July 29, but before it was disclosed publicly on Thursday.