Five federal class-action lawsuits against Equifax have been consolidated in U.S. District Court in White Plains.
The local cases are part of a national deluge of complaints filed since Sept. 7, when the Atlanta company announced that hackers had breached a public website and extracted names, dates of birth, addresses, driver’s license numbers and Social Security numbers of as many as 143 million people.
As of this morning, 349 federal lawsuits had been filed nationally.
Two Hudson Valley women sued on Sept. 11, and their case was assigned to U.S. District Judge Vincent Briccetti in White Plains.
Another four cases were filed originally in federal court in Manhattan by plaintiffs from Manhattan, the Bronx and Queens, and from Westchester, Suffolk and Monroe counties.
The complaints were identified as related and were assigned to Briccetti.
Nationally, the lawsuits are based in most instances on the federal Fair Credit Reporting Act and are classified as consumer credit cases. Some filers have characterized their complaints as personal injury, product liability, fraud, securities violations or contract disputes.
Linda Tirelli of New City and Brooke Merino of Poughkeepsie, who filed one of the first cases in the district, cited violations of the federal fair credit law and New York’s general business law.
The intent of the Fair Credit Reporting Act, they explain, is to strike a balance between the industry’s desire to base credit decisions on accurate information and consumers’ interests in protecting sensitive personal information.
Consumers, for instance, have the right to monitor their credit information to protect their privacy.
The Equifax breach is believed to have begun in mid-May and was discovered on July 29.
But Equifax waited six weeks to alert consumers. That delay, Tirelli and Merino argue, deprived them of the opportunity to protect themselves.
They are accusing Equifax of negligence and demanding that the company compensate them, and everyone else in the United States who has been harmed, for damages.
Events have already overtaken part of their lawsuit.
They claim Equifax tried to trick consumers into accepting free credit monitoring service by requiring them to waive their right to sue and by allowing consumers to seek compensation only through an arbitration process.
That’s a classic “bait and switch,” they said, that is prohibited under the state’s general business law.
Tirelli and Merino asked the court to declare the arbitration clause invalid.
But Eric T. Schneiderman, the state attorney general, had already challenged the arbitration clause and Equifax has revised the terms for people enrolling in free credit monitoring and identity theft protection services. Now, anyone affected by the cybersecurity incident may join a class-action lawsuit.
The massive breach has also spurred several investigations by federal agencies and state attorneys general and has prompted state lawmakers to propose new laws.
State Sen. David Carlucci of Clarkstown has co-sponsored a bill that would require credit agencies to provide free lifetime identity theft protection services after a data breach that involves Social Security numbers.
Assemblyman David Buchwald of White Plains co-sponsored a bill that would not let any credit agency charge fees for freezing and unfreezing credit reports for five years after a data breach.