In 2017, credit reporting agency Equifax experienced a data breach that impacted 143 million consumers. Fallout from the breach included class action lawsuits initiated by various plaintiff classes such as consumers, financial institutions and a small business class.
At a recent Senate Subcommittee on Investigations hearing, Chairman Rob Portman released a report finding that Equifax failed to follow basic cybersecurity practices and failed to preserve important documents relating to the data breach. More specifically:
- Equifax employees indicated the use of Microsoft Lync, a chat application;
- Equifax discovered the breach on July 29, 2017 and the company’s security team used Lync to discuss the hacked system and Equifax’s response;
- Equifax issued a notice not to destroy documents related to the data breach on August 22, 2017 but did not set up Lync to archive any of the chats until September 15, 2017; and
- None of the chats that occurred prior to September 15, 2017 were archived.
The impact of the failure to retain records remains to be seen. Access Chairman Portman’s Opening Statement at the hearing here. Contact us at Ossian Law P. C. regarding any information technology law matter.
© 2019 Ossian Law P.C.