Equifax has asked a federal judge to reject the claims from 46 banks and credit unions for payment of damages because of last year's massive data breach at the Atlanta-based company.
The companies, which are based in 29 states, sued Equifax and claimed that Equifax owes them for all the costs they incurred after the data breach was revealed. The cost were associated with the actions taken to protect themselves and their customers from fraud, the suit claims.
Those costs could easily run into many millions of dollars.
However, the company wants all the claims tossed out, according to a filing this week in U.S. District Court in the Northern District of Georgia before Judge Thomas Thrash.
A company spokeswoman said Thursday that the company does not comment on pending litigation. However, in the filing signed by attorney David Balser, Equifax said the plaintiffs' claims were based on seeing the massive breach has having "such ripple effects on the economy that any bank, credit union, or credit association may sue" Equifax.
“That attenuated theory of liability is unprecedented,” the filing said.
Last September, Equifax revealed a breach of its data — personal information gathered on roughly 150 million people. The breach led to departures of several high-ranking company officials, including Rick Smith, company chief executive. It has also triggered two prosecutions by the U.S. Attorney of former Equifax executives who allegedly used information about the breach to sell stock at a profit before the company announced the breach.
The company, however, has faced no discipline from Congress, federal regulators or — for that matter — the market.
Among the arguments for dismissal of the suit, the Equifax filing says the banks and credit unions do have legal standing to make their case, but also cannot show that Equifax actions caused them to spend the money they want to recoup.
“Equifax’s allegedly inadequate security measures did not cause Plaintiffs’ alleged harms… Plaintiffs cannot plausibly allege that any of these costs are due to Equifax and not
due to other data breaches, regulations … or the security risks that companies face.”
Equifax says that the companies have simply not shown that Equifax actions or negligence caused them harm.