Lessons From Equifax on How to Mitigate Post-Breach Legal Liability

While the recent settlement involving the FTC, CFPB and 50 state AGs related to the massive 2017 Equifax breach resolves hundreds of civil consumer-fraud class actions, it does not address a securities-fraud class action that Equifax’s shareholders brought against the company in the wake of the breach, which could still result in significant liability for Equifax. In this guest article, Davis Polk attorneys Avi Gesser, Patrick Blakemore and Peter Bozzo discuss how the Equifax case is instructive on the future civil and regulatory liability outlook for companies imperiled by large cyber events, and outline three large buckets of legal liability that companies face – federal and state regulators, classes of consumers and classes of shareholders (for public companies) – and ways to mitigate that risk. See also “Reducing Risk in the Dawn of Equifax and Other Cyber-Related Securities Fraud Class Actions” (Feb. 13, 2019).

To read the full article

Continue reading your article with a CSLR subscription.