SAN FRANCISCO — Equifax’s struggle to deal with the fallout from a massive security breach is growing as lawmakers are asking questions about what happened and more consumers are lawyering up.
People reported difficulties getting through to the company’s call center over the weekend, including long waits, being disconnected after waiting and call center hours that didn’t correspond to Equifax’ own statements.
As many as 143 million, or 44% of Americans, may have had their information stolen in a data breach that put Social Security numbers and other vital identity information at risk.
On Monday, Sens. Orrin Hatch, R-Utah, and Ron Wyden, D-Oregon, of the Senate Committee on Finance, sent Equifax detailed questions about the breach. A copy of the letter, reviewed by USA TODAY, shows the panel wants a detailed timeline of the breach, information about the company’s efforts to identify the number of consumers affected, the breadth of information compromised and the steps Equifax has taken to identify and limit potential consumer harm.
Meanwhile, at least 23 proposed class-action lawsuits have been brought against the company so far. Federal court records show the lawsuits were filed through the weekend. Equifax did not respond to emails seeking comment on the cases.
Trouble getting help
When it disclosed the breach late Thursday, Equifax encouraged consumers to check its website to find out if they may have been affected and to sign up for free credit monitoring. But the main Equifax.com site was overloaded and intermittently unavailable over the course of the day Friday.
Customers calling its toll-free number had trouble over the weekend. Complaints from consumers that they couldn’t get through to Equifax on its toll-free number followed a statement on Friday saying it had added an additional 2,000 staffers to its call center.
On Monday, Equifax issued a statement that Hurricane Irma could be impacting some of its call center wait times and it had arranged to ramp up agents quickly “to replace agents impacted by the storm.” The company said that “a number” of its call center agents are located in areas of Florida and Georgia that may be impacted by the storm. The company didn’t immediately respond to a request for more information about its call centers.
“While I don’t want to badmouth Equifax, they seem to have some issues. They knew it was going to happen. They knew the release date. They were in control of the situation. They could have made all these things work right the first time,” said Itzik Kotler, chief technology officer at SafeBreach, a company that helps firms develop breach and remediation scenarios.
While the Equifax breach has the potential to harm close to half of all Americans, the company’s actual customers are businesses such as retailers, insurance firms, banks and utilities who want to check the credit of potential customers — not the individuals whose data the company has been collecting since 1899.
“The people they actually harmed, the people they have all this data on, they don’t really care about because we’re not their customers,” said Susan McCarthy, of SorryWatch a website that tracks and analyzes apologies.
“We didn’t sign up with them and we don’t have the option of saying, ‘Oh, I won’t have a credit report anymore,’” she said. “What are we going to do, move to a new state and change our birthdate?”
The relatively large number of new lawsuits against Equifax that seek class-action status signal the high legal stakes over the potential for identity-theft losses by millions of Americans whose personal data was exposed.
The cases also show an eagerness by plaintiff law firms to stake swift claims on behalf of consumers who eventually might be in line for a share of either a court judgment against Equifax or a settlement by the company.