Hagens Berman and Robbins Geller File 43-State Class-Action Lawsuit Against Equifax for Massive Data Breach


Complaint alleges breach was preventable and response was inexcusably delayed

ATLANTA Plaintiffs from 43 states filed a class-action lawsuit against Equifax today, following the credit bureau’s data breach affecting an estimated 143 million consumers. Hagens Berman and Robbins Geller, two firms which specialize in nationwide class-action cases on behalf of consumers and investors, are fighting for reimbursement and genuine protection from identity theft for consumers with a legal team including experts in data breach class actions and a former federal cyber-prosecutor.

Hagens Berman attorneys developed a comprehensive Equifax data breach FAQ for those affected by the hack, where they answer key questions about protecting your identity, the lawsuit, and what consumers can expect from a class-action lawsuit against Equifax. The firms’ lawsuit seeks to make affected consumers whole and seeks remedies for Equifax’s negligence and under 62 state consumer protection and data breach laws. Find out your rights.

The complaint, filed Sept. 22, 2017, in the U.S. District Court for the Northern District of Georgia states that Equifax failed to follow simple rules that any credit reporting agency must follow, including protecting the information it collects by maintaining computer and data security, and ensuring that any system vulnerabilities are patched quickly, especially when such patches are free and readily available.

“The massive data breach could have been prevented and should have been detected and disclosed earlier,” the suit states.

Steve Berman, Hagens Berman’s managing partner stated: “It’s ironic that one of the largest sellers of identity theft protection, itself disregarded the basic and industry standard practice of installing security patches.  This data breach will have devastating and long-lasting repercussions for nearly half the adult population of the United States.”

Stuart Davidson, the partner at Robbins Geller leading its data breach practice noted: “In its 2016 annual report, Equifax boasted more than $3.1 billion in revenue and nearly $1 billion in profits. It had the resources to make sure that all available security patches were promptly installed, and had it done so, it would have prevented this massive breach of the most sensitive data belonging to 143 million consumers.”

“These hackers were able to walk away with Social Security numbers, addresses, birthdates, driver’s license numbers, and in some cases credit card numbers, thanks to Equifax’s lax processes for data safety and security,” said Thomas Loeser, a former federal cyber-prosecutor and partner at Hagens Berman. “This breach has provided criminals with the crown jewels of identity theft.”

The suit details that for two months before the data breach started, Equifax had notice of the software vulnerability that hackers exploited. Despite press reports of widespread use of this vulnerability, Equifax failed to install an available patch or take its vulnerable systems offline.

Ars Technica reported on Mar. 9, 2017 and Mar. 14, 2017 that sites using the software framework that led to the Equifax breach – “Apache Struts CVE-2017-5638” – were under heavy attack by hackers. The framework’s vulnerability had been publicly disclosed and widely known since Mar. 2017, according to the lawsuit, and the Apache Software Foundation gave public notice on Mar. 7, 2017, after making a security patch freely available on Mar. 6, 2017.

Loeser, who prosecuted hackers for data breach crimes when he worked for the Department of Justice, explained: “While consumers can readily change credit card account numbers and close vulnerable bank accounts, Social Security numbers and driver’s license numbers are usually permanent and difficult and costly to change. This means that criminals and identity thieves can wait months, years, even decades, before using the stolen information to open loans, obtain credit cards, and file false federal tax returns in unsuspecting victims’ names.” 

Find out more about the class-action lawsuit against Equifax.


About Hagens Berman
Hagens Berman Sobol Shapiro LLP is a consumer-rights class-action law firm with 11 offices across the country. The firm has been named to the National Law Journal’s Plaintiffs’ Hot List eight times. More about the law firm and its successes can be found at www.hbsslaw.com. Follow the firm for updates and news at @ClassActionLaw.

About Robbins Geller
Robbins Geller represents U.S. and international institutional investors in contingency-based securities and corporate litigation. With nearly 200 lawyers in nine offices, the firm represents hundreds of public and multi-employer pension funds with combined assets under management in excess of $2 trillion. The firm has obtained many of the largest recoveries and has been ranked number one in the number of shareholder class action recoveries in MSCI’s Top SCAS 50 every year since 2003. Please visit http://www.rgrdlaw.com for more information.

Media Contacts

Hagens Berman
Ashley Klann

Robbins Geller
Samuel H. Rudman, 800-449-4900
David A. Rosenfeld

Hagens Berman purchases advertisements on search engines, social media sites and other websites. Transmission of the information contained or available through this website is not intended to create, and receipt does not constitute, an attorney-client relationship. If you seek legal advice or representation by Hagens Berman, you must first enter a formal agreement. All information contained in any transmission is confidential and Hagens Berman agrees to protect information against unauthorized use, publication or disclosure. This site is regulated by the Washington Rules of Professional Conduct.

Back to all cases

Contact Us:

Hagens Berman is a national law firm that purchases ads. Submitting this form does not create an attorney-client relationship with the firm, but we will make our best effort to keep your information confidential.


Equifax Resource Center:

Frequently Asked Questions

The legal team will post more resources here as the case develops.

Case videos

Case Gallery

Case Timeline

12/11/17: Case Management Order Issued

Judge Thrash issued his Case Management Order No. 1. The court will hold an initial case management conference in Atlanta on Jan. 9, 2018. 

12/08/17: Case Consolidated

Today, the MDL panel consolidated the hundreds of Equifax cases and sent them all to the Northern District of Georgia, which is where Hagens Berman lawyers had requested the cases be sent.  Judge Thrash in Atlanta will oversee the cases.

Related News