In re Equifax Inc. Securities Litigation

Court: United States District Court, Northern District of Georgia
Case Number: 1:17-cv-03463-TWT
Judge: Hon. Thomas W. Thrash
Class Period: 02/25/2016 - 09/15/2017
Case Contacts: James A. Harrod, Abe Alexander, Brenna Nelinson, James M. Fee

This securities fraud class action asserts claims under Section 10(b) of the Exchange Act of 1934 against Equifax, Inc. (“Equifax” or “the Company”) and its former Chief Executive Officer Richard F. Smith, Chief Financial Officer John W. Gamble, President of Equifax Workforce Solutions Rodolfo O. Ploder, and Senior Vice President of Investor Relations Jeff Dodge, as well as “control person” claims under Section 20(a) of the Exchange Act against Equifax’s the same four executives, on behalf of all persons who purchased Equifax securities between February 25, 2016 and September 15, 2017 and suffered damages thereby. 

On February 21, 2018, the Honorable Thomas W. Thrash, U.S. District Judge for the Northern District of Georgia, entered an Order appointing Union Asset Management as Lead Plaintiff and appointing BLB&G as Lead Counsel for the investor class.

On April 23, 2018, Lead Plaintiff filed the Consolidated Class Action Complaint. 

The Complaint asserts claims arising from false and misleading statements made by Equifax and its executives concerning the Company’s data security, compliance with applicable laws, regulations and industry practices concerning cybersecurity and the Company’s internal controls.  The claims arise from the massive data breach the Company experienced in 2017 after having touted Equifax’s cybersecurity and compliance, as well as the importance of its role as a “trusted steward” of sensitive consumer information.  The action further alleges that the truth about Equifax’s vulnerability to unauthorized intrusions into its data systems was revealed to investors in the days following the Company’s September 7, 2017 announcement that its systems had been compromised in one of the largest data breaches in U.S. history, resulting in the theft of highly-sensitive information regarding approximately 148 million Americans.  Over $3 billion in shareholder value was destroyed when the facts concealed by Defendants’ false and misleading statements were revealed through these disclosures.  

On January 28, 2019, the Court sustained the majority of Plaintiffs' Complaint.  The decision sustains Plaintiffs' claims against Equifax and former CEO Richard Smith. The Court decided that the complaint sufficiently alleged claims against Equifax and Smith, rejecting Defendants’ arguments regarding falsity, scienter and loss causation. Importantly, the Court accepted Plaintiffs' allegation that the class period should begin in February 2016 and continue through disclosure of the Data Breach in September 2017. The Court sustained Plaintiffs' arguments regarding false statements concerning the adequacy of the Company’s cybersecurity efforts and compliance with applicable cybersecurity regulations and industry standards. The Court did dismiss certain of Plaintiffs' other alleged false statements, including statements concerning Equifax’s risk disclosures and internal controls, and statements that Judge Thrash believed were appropriately characterized as opinions.

As to scienter, the Court found it reasonable to infer that Smith acted either knowingly or with gross recklessness. The Court further found that Equifax acted with scienter as a result of Smith’s actions (which are “imputed” against the corporation). The decision also finds that the knowledge or recklessness of the two IT executives who were fired shortly after the Data Breach (Webb and Mauldin) was sufficient to find that Equifax acted with scienter. The Court held that the Complaint did not sufficiently allege scienter as to the other three Individual Defendants – Gamble (the former CFO), Ploder (the head of the Workforce Solutions segment) and Dodge (the VP of Investor Relations) – and dismissed them from the case.

Other Cases of Interest