The hits just keep coming for Equifax: Summit Credit Union has filed a lawsuit against the credit reporting agency in response to the massive data breach that compromised the personal data of around 143 million people.
The suit is the first filed by a financial institution against Equifax following the hack, but probably won’t be the last. Previous reports have said that banks are losing their patience with the way the company has handled the data breach and its aftermath.
“Most of the major financial institutions learned about it through the media,” one banker said. “Their responsiveness to customers has been slow and unclear as well.”
In the lawsuit, Summit Credit Union states that Equifax “utterly failed” at protecting consumers’ personal and financial data, maintaining that the company allowed “hackers to breach the gates and gain unfettered access to the sensitive information of millions. In so doing, Equifax set off a chain reaction that threatens the trustworthiness and stability of the financial system for individuals and institutions alike.”
Founded in 1935, Summit operates 34 locations throughout the state of Wisconsin and has over 162,000 members. The lawsuit, which is seeking class action status, details how the data breach can cost financial institutions.
“Customers experiencing severe anxiety related to identity theft are often hesitant to use some banking services altogether, instead opting to use cash,” the lawsuit states. “As a result, financial institutions forgo many of the transaction fees, ATM fees, interest or other charges that they may have otherwise collected on these accounts.”
In addition, financial institutions like Summit will have to handle the costs of cancelling and reissuing credit and debit cards that have been compromised, as well indemnifying fraudulent charges made to members’ or customers’ existing accounts.
The Equifax breach also means offers for auto recapture loans, student loans and auto and credit card preapprovals may have been compromised.
“As a result, financial institutions face considerable costs associated with monitoring, preventing and responding to fraudulent charges and account openings,” Summit revealed in the court documents. “Financial institutions will also need to take other necessary steps to protect themselves and their members or customers, including notifying members or customers, as appropriate, that their accounts may have been compromised.”
Summit is asking a judge to stop Equifax’s “negligent business practices” and to require the credit reporting company to pay for restitution and damages resulting from the hack.