MDL Docket No
Total Page:16
File Type:pdf, Size:1020Kb
Case 1:17-md-02800-TWT Document 374 Filed 05/14/18 Page 1 of 575 IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION _____________________________ ) MDL Docket No. 2800 In re: Equifax, Inc. Customer ) Case No.: 1:17-md-2800-TWT Data Security Breach Litigation ) ) CONSUMER ACTIONS _____________________________ ) CONSOLIDATED CONSUMER CLASS ACTION COMPLAINT “We at Equifax clearly understood that the collection of American consumer information and data carries with it enormous responsibility to protect that data. We did not live up to that responsibility.” Richard F. Smith, Equifax’s former Chief Executive Officer October 3, 2017 Amy E. Keller Kenneth S. Canfield DICELLO LEVITT & CASEY LLC DOFFERMYRE SHIELDS Ten North Dearborn Street CANFIELD & KNOWLES, LLC Eleventh Floor 1355 Peachtree Street, N.E. Suite 1900 Chicago, Illinois 60602 Atlanta, Georgia 30309 Norman E. Siegel STUEVE SIEGEL HANSON LLP 460 Nichols Road, Suite 200 Kansas City, Missouri 64112 Consumer Plaintiffs’ Co-Lead Counsel Other Counsel Identified on Signature Pages Case 1:17-md-02800-TWT Document 374 Filed 05/14/18 Page 2 of 575 TABLE OF CONTENTS INTRODUCTION .................................................................................................... 1 JURISDICTION AND VENUE .............................................................................. 4 NAMED PLAINTIFFS ............................................................................................ 5 DEFENDANTS AND THEIR RELEVANT CORPORATE STRUCTURE ... 70 STATEMENT OF FACTS .................................................................................... 75 The Importance of Consumer Credit in the U.S. Economy ............................... 75 Equifax Compiles Massive Amounts of Consumer Information ....................... 78 Equifax Recognized the Importance of Data Security ....................................... 85 Equifax Has a History of Inadequate Data Security Practices ........................... 94 The Equifax Data Breach ..................................................................................102 Equifax Discovers the Data Breach ..................................................................107 Equifax’s Inadequate Data Security Practices ..................................................112 Equifax’s Botched Public Disclosure and Response to the Breach .................119 Equifax Recommends Implementing Credit Freezes .......................................133 Reactions to the Data Breach ............................................................................140 Aftermath of the Breach: Consequences for Consumers and the Economy ....145 CLASS ACTION ALLEGATIONS ...................................................................152 CHOICE OF LAW FOR NATIONWIDE CLAIMS .......................................159160 CLAIMS ON BEHALF OF THE NATIONWIDE CLASS COUNT 1 ..........................................................................................................161 VIOLATION OF THE FAIR CREDIT REPORTING ACT 15 U.S.C. §§ 1681, et seq. COUNT 2 ..........................................................................................................167 NEGLIGENCE i Case 1:17-md-02800-TWT Document 374 Filed 05/14/18 Page 3 of 575 COUNT 3 ..........................................................................................................175 NEGLIGENCE PER SE COUNT 4 ..........................................................................................................176 GEORGIA FAIR BUSINESS PRACTICES ACT COUNT 5 ..........................................................................................................186 UNJUST ENRICHMENT COUNT 6 ..........................................................................................................189 DECLARATORY JUDGMENT CLAIMS ON BEHALF OF THE EQUIFAX CONTRACT SUBCLASS COUNT 7 ..........................................................................................................192 BREACH OF CONTRACT COUNT 8 ..........................................................................................................194 BREACH OF IMPLIED CONTRACT CLAIMS ON BEHALF OF THE FCRA DISCLOSURE SUBCLASS COUNT 9 ..........................................................................................................197 VIOLATION OF THE FAIR CREDIT REPORTING ACT 15 U.S.C. § 1681g(a) CLAIMS ON BEHALF OF THE ALABAMA SUBCLASS COUNT 10 ........................................................................................................199 ALABAMA DECEPTIVE TRADE PRACTICES ACT Ala. Code §§ 8-19-1, et seq. CLAIMS ON BEHALF OF THE ALASKA SUBCLASS COUNT 11 ........................................................................................................205 PERSONAL INFORMATION PROTECTION ACT Alaska Stat. §§ 45.48.010, et seq. COUNT 12 ........................................................................................................207 ALASKA CONSUMER PROTECTION ACT Alaska Stat. §§ 45.50.471, et seq. ii Case 1:17-md-02800-TWT Document 374 Filed 05/14/18 Page 4 of 575 CLAIMS ON BEHALF OF THE ARIZONA SUBCLASS COUNT 13 ........................................................................................................212 ARIZONA CONSUMER FRAUD ACT A.R.S. §§ 44-1521, et seq. CLAIMS ON BEHALF OF THE ARKANSAS SUBCLASS COUNT 14 ........................................................................................................216 ARKANSAS DECEPTIVE TRADE PRACTICES ACT A.C.A. §§ 4-88-101, et seq. CLAIMS ON BEHALF OF THE CALIFORNIA SUBCLASS COUNT 15 ........................................................................................................222 CALIFORNIA CUSTOMER RECORDS ACT Cal. Civ. Code §§ 1798.80, et seq. COUNT 16 ........................................................................................................224 CALIFORNIA UNFAIR COMPETITION LAW Cal. Bus. & Prof. Code §§ 17200, et seq. COUNT 17 ........................................................................................................230 CALIFORNIA CONSUMER LEGAL REMEDIES ACT Cal. Civ. Code §§ 1750, et seq. CLAIMS ON BEHALF OF THE COLORADO SUBLCASS COUNT 18 ........................................................................................................233 COLORADO SECURITY BREACH NOTIFICATION ACT Colo. Rev. Stat. §§ 6-1-716, et seq. COUNT 19 ........................................................................................................235 COLORADO CONSUMER PROTECTION ACT Colo. Rev. Stat. §§ 6-1-101, et seq. CLAIMS ON BEHALF OF THE CONNECTICUT SUBCLASS COUNT 20 ........................................................................................................240 BREACH OF SECURITY REGARDING COMPUTERIZED DATA C.G.S.A. § 36a-701b iii Case 1:17-md-02800-TWT Document 374 Filed 05/14/18 Page 5 of 575 CLAIMS ON BEHALF OF THE DELAWARE SUBCLASS COUNT 21 ........................................................................................................242 DELAWARE COMPUTER SECURITY BREACH ACT 6 Del. Code Ann. §§ 12B-102, et seq. COUNT 22 ........................................................................................................243 DELAWARE CONSUMER FRAUD ACT 6 Del. Code §§ 2513, et seq. CLAIMS ON BEHALF OF THE DISTRICT OF COLUMBIA SUBCLASS COUNT 23 ........................................................................................................248 DISTRICT OF COLUMBIA CONSUMER SECURITY BREACH NOTIFICATION ACT D.C. Code §§ 28-3851, et seq. COUNT 24 ........................................................................................................250 DISTRICT OF COLUMBIA CONSUMER PROTECTION PROCEDURES ACT D.C. Code §§ 28-3904, et seq. CLAIMS ON BEHALF OF THE FLORIDA SUBCLASS COUNT 25 ........................................................................................................255 FLORIDA DECEPTIVE AND UNFAIR TRADE PRACTICES ACT Fla. Stat. §§ 501.201, et seq. CLAIMS ON BEHALF OF THE GEORGIA SUBCLASS COUNT 26 ........................................................................................................260259 GEORGIA SECURITY BREACH NOTIFICATION ACT O.C.G.A. §§ 10-1-912, et seq. COUNT 27 ........................................................................................................261 GEORGIA UNIFORM DECEPTIVE TRADE PRACTICES ACT O.C.G.A. §§ 10-1-370, et seq. iv Case 1:17-md-02800-TWT Document 374 Filed 05/14/18 Page 6 of 575 CLAIMS ON BEHALF OF THE HAWAII SUBCLASS COUNT 28 ........................................................................................................266 HAWAII SECURITY BREACH NOTIFICATION ACT Haw. Rev. Stat. §§ 487N-1, et seq. COUNT 29 ........................................................................................................267 HAWAII UNFAIR PRACTICES AND UNFAIR COMPETITION ACT Haw. Rev. Stat. §§ 480-1, et seq. COUNT 30 ........................................................................................................271 HAWAII UNIFORM DECEPTIVE TRADE PRACTICE ACT Haw. Rev. Stat. §§ 481A-3, et seq. CLAIMS ON BEHALF OF THE IDAHO SUBCLASS COUNT 31 ........................................................................................................275 IDAHO CONSUMER PROTECTION ACT Idaho Code §§ 48-601, et seq. CLAIMS ON BEHALF OF THE ILLINOIS SUBCLASS COUNT 32 ........................................................................................................280279 ILLINOIS PERSONAL INFORMATION PROTECTION ACT 815 Ill. Comp. Stat. §§ 530/10(a), et seq. COUNT