Leagues Pile On, Joining CUNA's Equifax Lawsuit
Three credit union leagues have joined CUNA in its lawsuit against Equifax over the credit bureau’s recent data breach that compromised personal financial information for more than 145 million people.
The Credit Union Association of New Mexico, the California-Nevada Credit Union League and the Michigan Credit Union League say they are now plaintiffs in a suit CUNA originally filed in a Georgia District Court on October 4. Army Aviation Center Federal Credit Union and Greater Cincinnati Credit Union are already plaintiffs in the suit.
Army Aviation Center Federal Credit Union, headquartered in Daleville, Alabama, has $1.2 billion in assets and about 98,000 members. Greater Cincinnati Credit Union is a state-chartered credit union headquartered in Cincinnati, Ohio.
“As you may know I have spoken out about Equifax from day one. Their cover-up of the breach along with their continued bungling of the situation is nothing short of criminal,” Credit Union Association of New Mexico President and CEO Paul Stull said in a statement.
“While it is unlikely that CUANM will share in any monetary proceeds from a settlement, it is extremely important we speak up and make it absolutely clear that Equifax is a bad actor and has caused serious and long-term damage to both credit unions and their members. We will continue to speak out about this situation and attempt to focus light on a problem that demands serious attention,” he added.
Stull isn’t the first league president to criticize Equifax for its data breach.
New York Credit Union Association president and CEO William J. Mellin said in a scathing public statement on September 19 that the breach highlights the need for tougher state-level cybersecurity standards if Congress does not create federal data-protection standards.
“The Equifax data breach and their bungled response yet again underscore the need for a robust cybersecurity framework at the federal level. The bottom line is, what we’re doing now from a cybersecurity standpoint is just not working,” he stated.
“Far too often we are seeing the same reaction from organizations that have failed to adequately protect consumers’ data: a press release that’s light on details released long after the breach was discovered; a year of free credit monitoring; and an apology and a commitment to do better. That’s no longer enough,” Mellin added.
The Equifax breach, announced September 7, was first thought to affect 143 million U.S. consumers. Compromised information primarily includes names, Social Security numbers, birth dates, addresses and in some cases driver’s license numbers. The breach also jeopardized credit card numbers for about 209,000 people, as well as dispute documents for about 182,000 consumers. A subsequent forensic investigation announced on October 2 found that an additional 2.5 million U.S. consumers were affected, bringing to the total to 145.5 million people.
At least four credit unions are suing Equifax for damages related to the credit-reporting agency’s recent data breach, court records show.
Colorado Springs, Colorado-based Aventa Credit Union and New Castle, Pennsylvania-based First Choice Federal Credit Union, along with the New Orleans-based Bank of Louisiana, filed their class-action complaint against Equifax in U.S. District Court on September 22. Similar to a separate class-action suit filed by Summit Credit Union on September 11, the three financial institutions allege that Equifax failed to secure its website, ignored warnings from security experts and took too long to disclose the breach.
Gulf Winds Federal Credit Union, which is headquartered in Pensacola, Florida, later filed a suit of its own on October 3. That credit union has $659 million in assets and about 60,000 members.
Madison, Wisconsin-based Summit Credit Union has $2.8 billion in assets and about 167,000 members. Aventa Credit Union has $175 million in assets and about 23,700 members. First Choice FCU has $44 million in assets and 6,700 members. The financial institutions claimed they will incur financial losses related to card reissue, fraud and fraud prevention.