Cam Fine: On ICBA’s lawsuit against Equifax

By Camden R. Fine, president and CEO of ICBA

ICBA never flinches from its responsibility to stand up for the nation’s community banks, so we didn’t hesitate to file suit on behalf of the industry following the massive data breach at Equifax. Joined by Bank of Zachary in Zachary, La., and First State Bank in Barboursville, W.Va., the lawsuit is designed to address the long-term damage to community banks posed by the breach of 145.5 million consumer records and 209,000 payment cards.

The Equifax breach is deeply troubling not only because of its scale but also because of the failure of Equifax to take basic steps to protect itself and consumers from such a preventable catastrophe. The breach—in which hackers entered Equifax’s system through a known vulnerability, gaining access to names, Social Security numbers, dates of birth and other information—was caused by Equifax’s negligence. Quite simply, the credit rating agency failed to heed warnings from security experts to properly secure its U.S. website. Further, Equifax waited nearly six weeks to report the breach to the public.

We do not yet know the full extent of the damage, but there is no doubt about the cost to community banks. ICBA’s lawsuit asks the U.S. District Court for the Northern District of Georgia—Equifax is based in Atlanta—to require the credit bureau to compensate community banks for the costs they will incur in responding to the breach. That includes the costs of customer credit freezes, protective measures to deter fraud, and canceling and replacing payment cards.

For a longer-term solution, ICBA’s suit also asks the court to require Equifax to improve its security infrastructure to prevent future data breaches, such as employing adequate security protocols consistent with industry standards to protect personally identifiable information and payment card data.

ICBA filed this case on behalf of community banks because Equifax is responsible for an unprecedented breach of sensitive, personally identifiable information. Community banks rely on this information to authenticate customers when opening accounts and conducting online, in-person and over-the-phone transactions. The effect of the breach on community banks, consumers, small businesses and the economy is sure to be substantial.

ICBA has been at the forefront in responding to the Equifax breach since the news broke in September. We called on the credit bureau to immediately notify affected customers and card issuers, and to provide us with ongoing briefings regarding the breach’s extent. We followed that by releasing tips for community bankers on how to respond to the breach, as well as a customizable letter for community banks to inform their customers.

Now, we are taking our response to the next level by demanding remedial action. Equifax needs to be held accountable for this massive and preventable catastrophic event to ensure the long-term security of community banks and the friends, neighbors and customers we serve.

Follow Camden R. Fine on Twitter,