Equifax issued a statement Friday saying that victims of a recent massive security breach won’t have to waive their right to file a class action lawsuit against the company, after people noticed language buried in Equifax’s terms of service that barred customers from doing so.
Equifax announced Thursday that it had discovered in July it was the victim of a massive hack that exposed the personal information of an estimated 143 million Americans. Social Security numbers and credit card numbers were among the information exposed.
The company offered those affected by the hack a free one-year subscription to its credit-monitoring service TrustedID Premier. Those who opt to use Equifax’s free service will be charged after a year if they do not actively cancel their subscriptions.
Later Friday, Schneiderman said he was launching a formal investigation into Equifax’s security breach and encouraged all of Equifax’s customers to reach out to the company to see if they were affected.
So far, two class action lawsuits against Equifax have been proposed, alleging that the credit monitoring company was negligent in protecting its customers’ private information and should have spent more money protecting the data against cyberattacks.