For Equifax, the 2017 data breach debacle still isn't over. That's because the consolidated class action stemming from the breach is still being litigated out in court.
Most recently, the federal court in Atlanta denied Equifax's motion to dismiss the case, explaining that despite uncertain damages, it is clear that the company owed a duty to protect consumers' information from a data breach.
Next up in the litigation will be discovery, where the plaintiffs will likely seek to connect various dots showing how the company failed to keep the data secure, while defendants likely seek to estimate just how deep the damages run.
Notably, despite the fact that these consolidated cases have been pending since late 2017, the matters still have not made it to the class certification stage even. This is likely due, in part, to the sheer volume of the class or classes, as the data breach involved over 140 million individuals.
Equifax was able to knock out some of the claims, including those involving the Fair Credit Reporting Act. However, at this stage, the next big fights are likely to be discovery battles. Interestingly, some of the individual claims that have been filed against Equifax in small claims have already been successful, but the company has been honing its strategies in those matters.
What Can Other Companies Learn?
The big lesson that other companies need to learn from the Equifax breach is that protecting private data should be a top priority, and cybersecurity needs to be more than just some passive software. If a company maintains private data, the company must provide some form of active monitoring against that data being breached. This is particularly true if that data is stored on an internet accessible network.