The company failed to act on a March 2017 warning from federal authorities about a vulnerability that hackers would later exploit, resulting in the exposure of millions of consumers’ Social Security numbers, driver’s license numbers and other sensitive personal information.
Even after the breach, Equifax fumbled its response, briefly directing worried consumers to a fake, unaffiliated website. By its own admission, the security lapse had cost the company almost $243 million by the end of the first quarter of this year.
For many, those missteps were a motivation to act. No matter how futile it seemed to take on a multibillion-dollar corporation, local courts at least offered an opportunity to hold Equifax to account.
“They have a responsibility to either get back to you or lose,” Ms. West said of the small claims process. “That’s the most fascinating thing.”
For Ms. Bernstein, who runs a medical device consulting business, the Equifax breach was particularly frustrating because it threatened to interfere with her ability to apply for government grants. Because the grants often require credit checks, a credit freeze, which experts recommended after the breach, was out of the question.
“I really don’t need this aggravation with my credit and my phone number and, God knows, maybe my bank account numbers being leaked all over the internet,” she recalled thinking.
A judge in San Francisco Superior Court agreed, ordering Equifax to pay not only for the cost of credit monitoring, but also for the emotional distress and time Ms. Bernstein spent trying to get through to the company. On appeal, another judge reduced the award by about $2,000, setting it at $7,440.
In the end, Ms. Bernstein received restitution and relief: Last week, just days before receiving the Equifax check, Ms. Bernstein opened an envelope containing another check, this one for $15,000 for a grant she had just been awarded.