What's The Deal With Equifax?

By Fei-Lu Qian

Equifax Inc. (EFX), one of the largest credit reporting agencies ("CRAs") in the US, made $3.1 billion in revenue last year by selling consumer credit reporting and scoring products based on consumers' personal information and credit history. The Fair Credit Reporting Act ("FCRA") requires CRAs such as Equifax to protect a consumer's privacy by guarding against inappropriate disclosure to third parties, and permits a CRA to disclose a consumer's information only for a handful of exclusively defined "permissible purposes." To ensure compliance, CRAs must maintain reasonable procedures to ensure that such third party disclosures are made exclusively for permissible purposes.

On September 7, 2017, after the stock market closed, Equifax disclosed a massive data breach that have compromised personally identifiable information ("PII") of approximately 143 million U.S. consumers, plus PII of United Kingdom and Canadian residents. Equifax later increased its estimate to a total of 145.5 million people. According to Equifax, from mid-May through July 2017, hackers were able to gain access to a website application utilized by Equifax where they were able to obtain critical consumer information including "names, Social Security numbers, birth dates, addresses and in some instances, driver's license numbers." The hackers were also able to get access to "credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers." As has become typical when breaches such as this are announced, Equifax offered impacted American consumers a one year free subscription to identity protection services.

Public officials were outraged and dozens of consumer lawsuits were filed almost immediately. Senate Minority Leader Chuck Schumer called the data breach, "one of the most egregious examples of corporate malfeasance since Enron." In a letter to Equifax, Senator Brian Schatz of Hawaii criticized Equifax's complimentary one year free subscription as "insufficient given the scope and scale of this data breach," without offering "to pay for or reimburse credit freezes, which can cost $10 per credit reporting agency." In a joint letter by the leaders of the Senate Finance Committee to Equifax, they asked whether Equifax plans "to promote its paid service to these individuals at the end of the free year" as a tactic to profit from the massive breach.

On September 15, 2017, Equifax revealed that the hackers had exploited a vulnerability with an open source application that Equifax utilized called Apache Struts CVE-2017-5638. However, this vulnerability was easily fixable by updating the software with a patch that was developed and available on March 7, 2017. Equifax has admitted that it was "aware of this vulnerability at" the time that the patch was available, but it appears that Equifax failed to update the Apache Struts software. In fact, in his prepared testimony to Congressional committees, Equifax's recently retired Chairman of the Board of Directors and Chief Executive Officer, Richard F. Smith admitted "that the vulnerable version of Apache Struts within Equifax was not...patched in" time, and therefore, "allowed hackers to access personal identifying information."

Shockingly, Equifax discovered the massive breach on July 29, 2017, but waited six weeks to reveal to consumers and its shareholders that sensitive information of more than half of the entire adult American population had been stolen. To make matters worse, it was revealed through various media reports that on August 1 and 2, 2017, less than a week after discovering the breach, three top Equifax executives, including its Chief Financial Officer, sold Equifax shares for proceeds of almost $1.8 million.

Since the initial public revelation of the breach on September 7, 2017, Equifax has announced the retirement of three major executives, including Smith. In addition, Equifax common stock has declined more than 20%, or nearly $30.00 per share, erasing shareholder value of more than $3.5 billion. Various state attorneys general and federal agencies are investigating the massive breach and multiple Congressional committees have held hearings on the matter.

According to a security expert, "Considering Equifax is one of the largest credit reporting agencies whose sole business relies on both credibility of data and securely handling the sensitive data of millions of consumers, it is fair to say that they should have patched it as soon as possible, not to exceed a week." A letter from the Credit Union National Association to the leaders of the U.S. House Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection sums up the long-term impact of the data breach, and how it has exposed practically every adult American "to damages in replacing...payment cards, covering fraudulent purchases and taking protective measures to reduce risk of identity theft and loan fraud and assuming financial responsibility for various types of fraudulent activity related to stolen identities and misuse of PII and payment card data."

In the coming weeks we will look at some of the legal claims being asserted against Equifax, and remedies consumers may have against Equifax.

Fight Back Against "Surprise Billing"

On behalf of Wolf Popper LLP

If you believe you've been charged an exorbitant fee for lab tests, you're not alone. In the ever-shifting landscape of healthcare billing, many patients are experiencing what is known as "surprise billing," - which is basically sticker shock for medical procedures, lab costs or other charges. In many cases, medical providers are charging insurers one rate for procedures and other services, and then turning around and charging patients a much higher rate for the portion of those services that insurance won't cover. Patients are then left on their own, with little to no negotiating power, held responsible for highly inflated bills that contain little to no information about what the patient is even paying for.

Recently, Wolf Popper LLP, filed two suits on behalf of classes of consumers against Quest Diagnostics Inc. and Laboratory Corporation of America Holdings (LabCorp) concerning their unfair practices of charging patients a much higher rate for services than they charge third party institutions like insurance companies, with whom they have negotiated rates. These predatory practices take advantage of the limited-to-nonexistent bargaining power of individual patients, squeezing those who can least afford it to enhance their own bottom line. If you believe you have been subjected to similar billing tactics by Quest or LabCorp, please contact Robert C. Finkel, Esq. at 877.370.7703 or at irrep@wolfpopper.com, or contact Wolf Popper LLP through its web site.

Being unfairly charged exorbitant fees can have a cascade of negative effects on your life. As outlined in this article from The New York Times, unfair billing practices can put your property at risk, destroy your credit, and endanger your retirement or college savings. And it can be difficult for individual patients to even get the information they need to figure out what they're being billed for. This is why it's essential to contact a lawyer to help you evaluate your bills to determine if you've been charged inappropriately.

No one deserves to have their life destroyed by unscrupulous billing practices. Before you file bankruptcy or hand over your life's savings for a bill you don't understand, call Wolf Popper LLP and explore your options.

Looking At Current Legislative Efforts To Change Access To The Federal Courts

On behalf of Wolf Popper LLP

Republicans in the U.S. House of Representatives are currently working on pushing forward several bills aimed at reforming the civil justice system. The bills have many aims, but the common denominator is to make changes to lessen the purported burdens to businesses.

One of the bills approved by the House of Representatives at the beginning of the month is the Innocent Party Protection Act, which intends to make it easier for defendants to prevent being sued in state court and to remove a lawsuit to federal court. If a defendant is sued in a state court in its non-home state and all of the parties are from different states, the defendant can often remove the case to federal court, which an out-of-state defendant might believe is a more neutral forum, under "diversity jurisdiction." If a plaintiff adds a local defendant to their lawsuit, the out-of-state defendant would be unable to remove the case to federal court. However, a plaintiff cannot add a local defendant that it has no viable claim against solely to prevent federal court jurisdiction. When defendants remove a case to federal court, they sometimes argue that any in-state defendants were "fraudulently joined" and they should not be included in the lawsuit, thereby allowing the case to proceed in federal court. 

The Innocent Party Protection Act intends to make it easier for defendants to overcome fraudulent joinder by instructing the federal court to consider whether the plaintiff improperly added the in-state defendant. The proposed law instructs the federal court to not allow the case to proceed in state court if: there is actual fraud in pleading the jurisdictional facts; it is not plausible to conclude that the defendant would be liable under state law; state or federal law clearly prevents the claims against the defendant; and there is objective evidence demonstrating lack of good faith to prosecute the action against the defendant. The proposal also allows the federal court to consider any amended complaints or affidavits and other evidence submitted by the parties. 

The bill passed the House on a vote of 224 to 194, with only Republicans voting in favor, while all voting Democrats and 10 Republicans voted against the bill. Democratic opponents argued that the bill complicates a problem which has already been adequately addressed by the federal courts who have considered fraudulent joinder claims. In light of the body of case law evaluating these claims as well as motions to dismiss under Federal Rule of Civil Procedure 12, the new language unnecessarily adds ambiguity, such as whether a claim is "plausible" under state law or the plaintiff acts with a "good faith intention." The proposal also would prompt additional litigation expense if the parties have to submit "other evidence" to determine plaintiff's state of mind. 

In our next post, we'll say more about other measures advanced in the House, as well as the importance of working with experienced legal counsel to hold businesses accountable for taking advantage of and harming consumers.

The Lab Results Show You're Being Charged Too Much

On behalf of Wolf Popper LLP

Blood and other lab tests are often part of annual physicals or routine diagnostic testing for hospital patients around the country. Because the tests are common, we might expect our insurance to cover the costs. But, what you were expecting to be a nominal fee similar to a co-pay turns into a bill for hundreds of dollars from the lab.

That depends on how your insurance company views the necessity of the lab tests and how prices are negotiated between hospitals, labs and insurance companies. Some companies cover lab work as a preventative or diagnostic treatment, but certain plans can be exclusionary, leaving the patient to pay whatever the lab considers the full cost of services to be, which often are exorbitant prices.

Blood is thicker than water, prices are as clear as mud

An investigation by ABC News in 2013 revealed that each diagnostic lab can negotiate its own rates with insurance companies, resulting in a variety of price points across the industry, even among "in-network" providers. Less-than-transparent methods of how a hospital categorizes different tests may also be contributing to high costs. In other cases, providers may be restricted in how much they can actually talk about prices and contracts, helping to create an inefficient market.

How can consumers handle these cloak-and-dagger tactics by labs and insurance companies? With some healthcare plans currently in limbo due to Congress' attempt to repeal and replace the Affordable Care Act (Obama care), understanding the costs related to insurance is more important now than ever before.

People seeking health care diagnostic testing have a right to know how much they will pay for services, but with a variety of companies using the system to hide costs, how can prices be assured? Also, the price of a test, and whether it will be covered by insurance, is oftentimes not communicated to a patient until after the test is run. Sticker shock may cause blood to boil in your arteries, but there is a way to keep ice in your veins through the process.

Blood in your arteries, ice in your veins 

When consumers are left without enough information to make the best decision for themselves, legal action can be taken to hold companies accountable for their misguidance. Consumer protection laws protect the rights of consumers and encourage corporate transparency.

Wolf Popper is representing consumers who believe they should not have to pay more than the rate negotiated by their insurance company for that service if their claim is not covered by their insurance company. Wolf Popper is representing plaintiffs in putative class actions against Quest and LabCorp to recoup alleged overpayments by consumers.

As a plaintiff in a consumer protection lawsuit, you have the opportunity to explain your situation to a judge and jury. Compensation is available through this process. Further, companies could be forced to be more transparent, resulting in a fairer marketplace for all.

Work With Experienced Legal Counsel To Address Issues Related To Corporate Governance

On behalf of Wolf Popper LLP

The ability to take action with respect to a corporation's officers and board of directors is an important right for shareholders. Officers and directors who are not performing their fiduciary duties properly, who are not effective in their work, or who are otherwise not meeting the expectations of shareholders can and should be held to account and, when necessary, removed.  

A corporation must follow the proper procedures when making decisions, and it is important for shareholders to understand the corporation's governing documents as well as the legal rights and responsibilities the legal documents create to ensure things are done properly. It is also important, of course, to ensure that the governing documents themselves are in line with the law of the state of incorporation. 

In some cases, corporations may draft governing documents that are later subject to legal challenge. Our firm successfully represented shareholders against a corporation in this situation in a recent case in Delaware Chancery Court. At issue in the case was the legality of a corporation bylaw requiring that, in order to remove directors, there must be a two-thirds majority of votes from shareholders.

However, Delaware law specifies that "any director or the entire board of directors may be removed, with or without cause, by the holders of a majority of the shares then entitled to vote at an election of directors." In this case, the corporation argued that the requirements of the state statute are permissive in nature rather than mandatory, which allowed it to establish a stricter requirement. Agreeing with Wolf Popper, however, the court ruled that the requirements are mandatory, making the bylaw at odds with state law. The decision provides an important clarification of Delaware state law of which corporations should be aware when drafting and reviewing their own bylaws going forward.

Shareholders can and should consult with experienced legal counsel in addressing legal issues surrounding their corporation's governing documents, not only in the creation and revision of these documents but also in addressing legal disputes regarding their proper interpretation. Our firm is committed to zealously representing the rights and interests of our clients and helping them to achieve the best possible outcome in their case.