Data Breach/Data Privacy/Data Security

Dear Equifax: Your actions tell us you just don’t care

Equifax's Incident Response falls flat

           What some visitors of Equifax’s breach response site saw.

Dear Equifax – Your actions and conduct tell us that that the only thing you really care about is making more money. You would love for us to forget your negligent handling and safeguarding of consumer and business customer data. Over the weekend, one of the main topics of conversation that I kept hearing was about the Equifax data breach and Equifax’s absurd response to the breach. People were infuriated because–not only did Equifax screw them for failing to protect their sensitive data– but Equifax is now screwing them again for its abysmal response to one of the country’s most horrendous data breaches of its kind. Post breach, Equifax rubbed salt into the wounds of the many millions whose Personally Identifiable Information (PII) was compromised by promoting its own identity theft services. Yes – you got that right: Equifax has the nerve to profit from its own negligence.

Many of the folks who complained to me about Equifax didn’t realize that I was about to file a class action lawsuit. What they couldn’t understand was how this this multi billion dollar company could be so negligent and reckless with their valuable Personally Identifiable Information. After all, shouldn’t this company have done more given that it has over a $12 billion market cap and that it is specifically in the business with its use, collection, and brokering of “trusted unique data, innovative analytics, technology and industry expertise to power organizations and individuals around the world by transforming knowledge into insights that help make more informed business and personal decisions.” (Equifax’s own description of itself). They just knew that I had already sued Anthem for their massive healthcare data breach, and they were dying to know what I might do about Equifax’s data breach

My short reply to all of these incredibly frustrated consumers and business owners: Equifax’s actions seem to tell us that they care more about making more money and not much else. Why else would they send millions of panic stricken people to their breach incident site, which didn’t even have the proper security in place. If any diligent and skeptical visitor researched the site, one would have found that it wasn’t even registered to Equifax until some time late yesterday.

Of all companies, Equifax should have made the security of its database its top priority. But rather, it seems more interested in giving a free 12-month trial of their credit monitoring service. BTW: If you agree to this service, know that you’ll waive your right to sue them. Read more about it in the attached Class Action complaint, which I filed earlier this a.m..

Do you think that a “free” 12 month trial offer for credit monitoring and “identity theft insurance” is enough, after all that Equifax has done to allow bad actors to access your detailed PII? I hope not. If you are interested in joining other consumers and business owners to hold one of the country’s largest credit reporting bureaus accountable for its negligence and deceptive business practices, please contact my firm, Stritmatter Kessler.

Why do corporations hate class action lawsuits?

Let your congresspeople and senators know that they can’t kill class actions–one of your most powerful weapons against corporate wrongdoing.

Corporations love to demonize class action lawyers. Guess why? You can likely figure this out on your own, but I’ll spell it out here: Because a class action lawsuit is one of the most powerful tools that consumers have to make corporations accountable for their negligence. But the media doesn’t like to focus on the topic of class actions much because it’s not easy to digest via 10-second sound bites. Thus, witness another week of breathtaking, frenzied stories about the Trump administration. Reporters and talking heads gravitated to discussions about the abrupt departure of Flynn and Trump’s 77 minute presser. Meanwhile, a majority in the House worked in concert to destroy consumers’ most powerful tool to hold corporations accountable. That’s right, this past Wednesday the House Judiciary Committee voted on party lines to gut consumer protection class actions.

Interestingly, the corporate lobbyists’ anti-class-action talking points are eerily similar to the proposed “Fairness in Class Action Litigation Act of 2017,” introduced last week in the House of Representatives. Coincidence? Of course, not.

Most of the proposed procedural rule changes in Representative Bob Goodlatte’s  are directly traceable to the business lobby’s anti-class-action talking points. Goodlatte – a Virginia Republican and chair of the House Judiciary Committee is seizing on the corporate-friendly climate. He’s expanded last year’s proposed changes in a similarly named bill that was approved in the House but died in the Senate. If Congress adopts Goodlatte’s bill in anything like its current form, class actions will lose much of its potency. 

The bill will make class actions much more difficult to survive the most critical milestone–certification. And, for those class actions that would survive, the bill would make those automatically appealable. Moreover, the bill seeks to strip away attorneys’ fees so that fewer plaintiffs attorneys will pursue these.

Most consumers think that class actions are big, nebulous things that have little to do with their lives. But if you talk to regular people such like my class action clients, you’ll realize that the Congress needs to stop trying to striking fatal blows to this important vehicle for justice. Like my clients, consumers throughout this country need class action attorneys to fight for them because they can’t or don’t want to spend thousands of dollars and countless hours to fight a giant corporation. My class action clients are like your neighbors, your relatives, your colleagues, and your friends. They are Republicans, Democrats, and Independents. But, for them and for me, these lawsuits are not about politics. It’s about trying to hold a massive company accountable, when an individual consumer is wronged.

We all know that corporations are focused on maximizing profits. To maximize profits, these companies will cut corners, which often result in a harm to the consumers. When a consumer finds that they have a defective product or that their most private information has caused significant harm to them and their bank accounts, they are not sure who will go to bat for them. This is why class action attorneys play a critical role in leveling the field for the citizen who’s suffered injury because a manufacturer used shoddy material, security or processes.

Please, email/call/write your representatives and let them know that they represent your interests–not the corporations who’ve donated tens of thousands of dollars to their campaign.

Still “standing” after Spokeo. Time will tell what 2017 holds in store…

For consumer class action attorneys like myself, we can continue to count our blessings for the moment.  Indeed, a number of courts across the country continue to make commonsense and carefully crafted opinions that confer Art III standing for statutory damages claims.

I have much faith in the Ninth Circuit Court of Appeals. The panel just heard oral arguments,  as the U.S. Supreme Court had remanded Spokeo (back on Dec. 13th). The 9th Cir.’s new challenge is to tackle the concreteness requirement with newfound gusto. Judge O’Scannlain found it difficult to move past her view that Mr. Robin’s allegations (the resulting inability to find work because of a grossly incorrect report about him) were ostensibly sufficiently concrete, tangible harm. However, Counsel for Plaintiff, William Consovoy kept focus on the issue that the Spokeo court harped on: Defendant was making this about an apparently intangible harm that has yet to run through the rigors of a concreteness test as the one that Alito pieced apart in his majority opinion…

Well, hang tight, as the panel will render its decision in the early portion of next year. From that, we’ll get more guidance about what that court thinks is needed to satisfy Art. III standing requirements…

We have some phenomenal judges, such as Judge Lucy Koh in the N.D. of CA in the 9th Circuit. She recently decided the Matera v. Google case, which laid out a clear, incredibly thoroughly reasoned opinion indicating why specific allegations are substantive violations. As such, these violations give rise to sufficiently concrete and particular injuries in fact. Stay tuned for a more detailed analysis of her 9/23/16 order. I hope to write more about that case here as I reflect on the year’s developments in privacy law.

I will also write more about this a couple of recent cases out of the E.D. Va, including my insights regarding Thomas v. FTS, which lays out some strong arguments that a statutory damages class action attorney may want to crib. A fun but rocky ride ahead of us is guaranteed…

Why care about the insecurity of IoT

Outages across the US caused by last week’s DDoS attacks on Dyn, an Internet infrastructure company. Credit: Downdetector.com.

Outages across the US caused by last week’s DDoS attacks on Dyn, an Internet infrastructure company. Credit: Downdetector.com.

 

If you haven’t heard by now, the internet was under attack thanks to insecure “internet of things” (IoT) devices. The weapon of choice was the Mirai botnet, which crippled well known sites like CNN, Netflix, Twitter, etc. to a grinding halt. But how exactly did insecure IoT devices help the largest to date cyberattack experienced in the Western hemisphere?

The source of the outage was a distributed distributed denial of service (DDoS) attack, which leveraged  a network of IoT devices infected with special malware, known as a “botnet”. The botnet was orchestrated to bombard a server with traffic until it collapsed under the strain. The IoT devices included Xerox, Panasonic and Samsung printers, as well as an array of Chinese manufactured short circuit TVs, DVRs, etc.

Botnets are not new, unfortunately. But a botnet comprised of IoTs is what makes last week’s massive DDoS jaw dropping and terrifying. Why should you or anyone care, especially if technology is not in your wheelhouse? Think of finding out that your garage has served as shelter for a terrorist, who is part of a much larger cell, ready to take down half the country. The terrorist was able to get into your garage easily because you don’t secure it. Guess what? You’re one of the most vulnerable targets if the attack goes down.

Now, bring this back to the IoT framework. Many households are moving toward an connected, IoT world–from refrigerators, thermostats, security systems and security cameras. When everything goes smoothly, we forget how much rely on our IoT devices. It’s only when they’re compromised do we then realize that we may have a big problem.

The crux of the data security challenge that faces us all is that the Mirai botnet revealed how vulnerable we are because of insecure IoTs. The Mirai attack exploited 100,000 connected devices or “malicious endpoints,” which resulted in an epoch attack of 1.2 terabytes/second. Your DVR or short-circuit camera may have served as an unwitting accomplice in the now legendary DDoS attack.

 

 

Highline Medical Center tells 18.5K patients that their personal/health information was inadvertently left online for months.

About 18,499 patients of Franciscan Health Highline Medical Center cannot be very happy in Burien. Franciscan Health Highline Medical Center just notified its patients of a potential data breach after a vendor working on behalf of the medical center inadvertently left patient information accessible and unprotected via the internet for several months.

R-C Healthcare Management notified the hospital July 22 that some patient information had been accessible online from April 21 through June 13.

Potentially compromised information includes patient names, service dates, health insurance information and Social Security numbers. No medical information was included. The incident affects patients whose data was involved in account reporting functions from 1993 to 1994 and 2008 to 2013, according to the hospital’s notice.

R-C Healthcare reportedly told CHI Franciscan it secured the files as of June 13. The health system says it has no knowledge any of the information has been accessed, viewed, acquired or compromised by an unauthorized third party but is offering free credit monitoring for affected patients.

Please contact Catherine Fleming, if you were a member of the roughly 18K breached, we would like to talk to you. Please call Catherine Fleming at 206.448.1777 or email her Catherine@Stritmatter.com

About Us

This blog is maintained by attorneys at Stritmatter Kessler Whelan (SKW), focused on important legal issues, news, and developments... MORE
Connect
   
Subscribe

Add this blog to your feeds or subscribe by email using the form below.

Favorite Quotation

If thou faint in the day of adversity, thy strength is small.
— Proverbs 24:10

Intense love does not measure, it just gives.
— Mother Teresa

The test of a civilization is the way that it cares for its helpless members.
— Pearl S. Buck

You may trod on me in the very dirt. But still, like dirt, I'll rise.
— Maya Angelou

The worst sin towards our fellow creatures is not hate them, but to be indifferent to them; that's the essence of inhumanity.
— George Bernard Shaw

Without justice, courage is weak.
— Benjamin Franklin

Injustice anywhere is a threat to justice everywhere.
— Martin Luther King, Jr.

Fairness is an across-the-board requirement for all our interactions with each other ...Fairness treats everybody the same.
— Barbara Jordan

I consider trial by jury as the only anchor ever yet imagined by man, by which a government can be held to the principles of its constitution.
— Thomas Jefferson

Why should there not be a patient confidence in the ultimate justice of the people? Is there any equal hope in the world?
— Abraham Lincoln

I don’t know what kind of a future life I believe in, but I believe that all that we go through here must have some value.
— Eleanor Roosevelt

The basic proposition of the worth and dignity of man is the strongest, the most creative force now present in the world.
— Franklin D. Roosevelt

Justice is the end of government. It is the end of civil society. It ever has been and ever will be pursued until it is obtained, or until liberty be lost in the pursuit.
— James Madison

There is no truth existing which I fear, or would wish unknown to the whole world.
— Thomas Jefferson