Equifax Cyber Attack faces a lawsuit from Canada Citizen


In September 2017, Equifax disclosed that a cyber attack on its database has exposed sensitive info of more than 143 million of its American consumers. The leaked data includes social security numbers, driver licenses, and phone numbers as well.

Daniel Thalheimer, 46, a citizen of Duncan, Canada has now filed a class action lawsuit against Equifax this month which says that the leaked data pertaining to him has/could further expose him to the risk of identity theft and fraud.

Daniel mentioned in his lawsuit that he received a letter from the credit monitoring company in October last year which said that his personal data and info had been compromised. The official letter claimed that hackers gained info to a file named on Daniel’s name which had details such as social insurance number, name, address, date of birth, phone number, email address and a secret question and answer which were credentials to login into the Equifax website. However, the website failed to mention what details were accessed by hackers.

Daniel fears that any hacker who gained details to the sensitive info stored on Equifax database (pertaining to him) can walk into his bank to pose as him to seek a loan or siphon off his money from his account.

“This whole thing scares me and so I filed a lawsuit in BC Supreme Court which happens to be a 2nd such suit in BC and third in Canada”, said Mr. Thalheimer.

Since the data breach occurred due to the vulnerability of the website application, it could have been avoided by the company if it had taken precautionary action in time.

Daniel is said to have launched a private inquiry on this issue in which he found that the developer of the website application has notified of the vulnerability on Feb 14th, 2017 and recommended a premium upgrade which was released on March 6th, 2017.

As per the security patches implementation policy of Equifax, it should have applied the patch within 48 hours of notification. But it did not do it until June 30, 2017- which happens to be the time after the breach had occurred, claims the suit.

On Sept 19, 2017, Equifax Canada notified to the world via a press statement saying that 100,000 Canadians were affected in the breach. But less than a month, it released another press statement saying that the impacted Canadians could be less than 11,000.

In March this year, Equifax issued a press statement that only 2.4 million US consumers were impacted by the breach.

As the statements were contradictory, Daniel chose to drag the company to the court.

Moreover, the Equifax letter which Thalheimer received had a mention of 12 months free complimentary credit monitoring as compensation to the breach. But Daniel was already a member of one such plan at that time. So, the announced reparation was useless in his perspective.

Daniel wants general, special aggravated and punitive damages as the compensation from the breach and David Moriarty is the attorney who is representing the said person in the court.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display