Massachusetts can sue Equifax over data breach, judge rules


BOSTON (Reuters) – Massachusetts can move forward with a lawsuit accusing credit reporting firm Equifax Inc (EFX.N) of failing to safeguard its databases or provide prompt notice of a breach that exposed the personal data of 147 million people, a state court judge has ruled.

FILE PHOTO: Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell/File Photo

Suffolk County Superior Court Judge Kenneth Salinger in Boston, in a decision made public on Wednesday, denied a motion by Equifax to dismiss a lawsuit that Massachusetts Attorney General Maura Healey filed in September after the breach was disclosed.

Salinger wrote that the lawsuit stated a plausible claim that Equifax breached its legal duties to address all reasonably foreseeable risks to its data security and to implement reasonably up-to-date fixes to its software.

The lawsuit alleged that Equifax knew or should have known by March 2017 that a serious security vulnerability existed in computer code that the company used in its systems but failed to patch or upgrade its software to eliminate it.

The company ultimately announced that a cyber security incident had occurred in September.

“These allegations state a viable claim for violation of the data security regulations,” Salinger wrote.

Equifax did not immediately respond to a request for comment. Healey’s office had no immediate comment.

The lawsuit is one of several legal challenges facing Equifax related to the data breach. It also faces class action lawsuits, investigations by more than 40 state attorneys general and a probe by the U.S. Federal Trade Commission.

Reporting By Tom Brown

Facebook Comments

Comments are closed.