Social media and news outlets exploded last week when Equifax announced that it had discovered a cybersecurity breach affecting 143 million Americans. Names, Social Security numbers, birth dates, addresses, and even driver’s license information were accessed, as well as 209,000 credit card numbers.

To make matters worse, Fortune reported that three senior executives at Equifax, including its chief financial officer, sold about $2 million in shares before the announcement. An official response from Equifax stated that the employees had had no knowledge about the breach at the time.

Unsurprisingly, Equifax stock shares have taken a nose-dive since the announcement and ensuring problems. By midday Tuesday, September 12, shares were down more than 18 percent at about $114 each. Experts expect this trend to continue at a further 15-19 percent over the next five weeks. It could be selling as low as $100 a share by October.

To combat the breach, Equifax set up a website to provide customers with information and a way of checking to see if their information has been compromised. This move has also met with a slew of problems, however. Aside from being difficult to navigate, a confusing portion of the TOS suggested that simply checking one’s information status would waive the right to sue. According to the TOS, looking up the information served as an “agreement to resolve all disputes by binding, individual arbitration” and a “waiver of the ability to bring or participate in a class action, class arbitration, or other representative action.”

New York Attorney General Eric Schneiderman quickly tweeted that those terms of service are “unenforceable” and should be removed. He also noted that, if an affected individual notifies Equifax within 30 days of accepting the agreement, they can regain the right to go to small claims court individually. Additionally, Equifax has since removed the wording and stated that the arbitration clause does not apply to this incident.

That’s just as well, since a proposed class-action lawsuit was filed against Equifax late last week in Portland, Oregon. Plaintiffs Mary McHill and Brook Reinhard are alleging that Equifax was negligent in protecting consumer data, focused on saving money rather than spending on the required technical safeguards. The case is being overseen by Olsen Daines PC and Geragos & Geragos. (The latter is well-known for its class action lawsuits.) The plaintiffs could seek as much as $70 billion in damages.

Photo: Shawn Hill /