{ Banner Image }

Equifax Data Breach: Three Steps Every Company Should Take

September 11, 2017

Equifax, one of the three major U.S. credit reporting and monitoring agencies, announced it recently experienced a massive breach of customers’ personal information. The personal data, including Social Security numbers, birth dates, and addresses, of 143 million Americans could have been compromised in the breach. Given the nature of the information stolen, this breach is particularly severe, with potentially significant risks for affected individuals, including identity theft. You can learn more from Equifax about the breach here.

Many organizations use Equifax for a variety of business activities, including applicant and employee background checks and tax form management. Even organizations without a business relationship with Equifax may have employees affected by the breach due to their personal activities.

Honigman recommends you take the following steps as you start to navigate the potential impact of the Equifax breach on your organization and employees:

  1. Determine if your organization has a business relationship with Equifax 
    Contact the relevant departments or individuals internally to identify what, if any, business relationship your organization has with Equifax. If your organization shares personal information with Equifax as part of a business relationship, you will want to assess any issues relating to privacy obligations you may have to employees and/or customers and evaluate the terms of any written agreement with Equifax.
  2. Inform employees of the breach and steps they can take for protection  
    Even if your organization does not have a business relationship with Equifax, you may want to notify employees of the potential impact on their personal information given the broad scope of the breach. Employees can determine if their personal information may have been impacted here: https://www.equifaxsecurity2017.com/potential-impact/. Affected employees can follow the prompts to enroll in credit monitoring or go to https://www.equifaxsecurity2017.com/enroll/. Equifax is offering free credit monitoring to affected individuals that register for coverage. Employees may also obtain additional information on protecting their information at ftc.gov/idtheft.

    If your organization has shared personal information of employees with Equifax as part of a business relationship, you should evaluate the potential legal implications for your organization before communicating with employees about the breach. If you have questions about potential risks or how to inform individuals, you can speak with a member of our Cybersecurity practice.
  3. Evaluate your organization’s information protection programs 
    As is always the case with large-scale breaches such as this, now is the time to review your organization’s existing cyber and information security measures, as well as your privacy and information management practices. Every company is a potential target for a breach regardless of size.

We are here to help you address any legal and regulatory issues you or your organization may face as a result of this breach. Honigman provides robust support to clients in protecting corporate information through our Cybersecurity and Data Privacy and Data Security and Privacy Litigation practice groups. Our attorneys are highly knowledgeable and have extensive experience helping clients navigate data breaches and associated legal risks, as well as assisting clients in developing and improving data protection practices.

Several members of our team are Certified Information Privacy Professionals/United States (CIPP/US). Additionally, the firm recently added Steven Wernikoff to the Chicago office. Steve joins us from the Federal Trade Commission and is deeply familiar with the risks and issues clients face in these situations, particularly from a regulatory perspective. If you have questions about the Equifax breach, you are welcome to contact one of the members of Honigman’s Data Security/Cybersecurity team. Their contact information is below.  

Mike Hindelang, CIPP/US, CIPM, Leader, Cybersecurity and Data Privacy
313.465.7412, mhindelang@honigman.com

Karl Hochkammer, CIPP/US, Leader, Cybersecurity and Data Privacy
313.465.7582, khochkammer@honigman.com

Steve Wernikoff, Leader, Cybersecurity and Data Privacy
312.701.9380, swernikoff@honigman.com