Experian: Class Action Lawsuits and Cyberspace Laws
On July 17, 2015, a class action lawsuit was filed against Experian claiming that the company had been negligent in violating consumer protection laws. The lawsuit alleged that Experian did not have appropriate security measures in place, which led to a data breach. The hacker was a scammer who was able to resell the customer information. This criminal activity was undetected for almost ten months before Experian discovered it. The criminal has been prosecuted and has admitted to paying for access to customers’ accounts, under the guise of a private investigator, before using his access to gather customer information.
The number of United States citizens likely affected by this data breach has reached 13,673. A class action is a civil suit brought by a large group. The four basic requirements for a group to be certified as a class, include, numerosity, commonality, typicality, and adequacy of representation. The class must be so numerous that joinder of all members is impracticable. The number in the Experian is more than sufficient, but there can be as few as thirty-five members in a class action. The questions of law or fact need to be common to each member of the class. In this case, all of the plaintiffs were harmed by the alleged negligence in the same way, so there is a large group making a claim under same or similar facts and laws. One or more persons, who are members of the class, may sue or be sued as representatives of the class if their claims or defenses are typical of the class’s claims or defenses. These representatives must fairly and adequately represent the interests of the class. These representatives have been chosen to speak for the larger class. However, whether they are suitable to represent the class is within the court’s discretion.
In this case, the identity and personal information of Experian’s customers were stolen, distributed, and sold. This type of misconduct constitutes Internet fraud. Internet fraud includes, online auction fraud, non-delivery of merchandise purchased online, investment fraud, business fraud, email scams, and identity theft. Experian is arguably the victim of the fraud. However, plaintiffs are seeking damages for the negligence on its part for permitting the data breach to occur, which may constitute violation of the Fair Credit Reporting Act (“FCRA”). The FCRA regulates how consumer reporting agencies, like Experian, manage consumer information. It will now be for the plaintiffs to prove that Experian was negligent in its handling of their information and whether there is evidence of actual damages.
In general, companies can protect themselves from high-tech fraud (e.g., Internet fraud) by implementing proper security measures such as: (1) Intrusion Detection System; (2) Firewall; (3) Encryption; and (4) Multi-factor authentication. The FBI has advised consumers to be cautious and distrust any website or email promising large sums of money. In addition, consumers should not believe that a website is credible simply because it looks professional.
For more information about your legal rights, you should consult with an attorney. At our law firm, we assist clients with online privacy, cloud computing, cybersecurity, and class action related matters.