WIXLIB

Case 1:17-cv-05491-TWTDocument 1Filed 11/03/171 of 29Page123456UNITED STATES DISTRICT COURTWESTERN DISTRICT OF WASHINGTON7AT SEATTLE89GARY CAMPBELL, individually andbehalf all others similarly situated,onCase No.:Plaintiff,10CLASS ACTION ON BEHALF OFPLAINTIFF AND ALL OTHERSSIMILARLY SITUATED11EQUIFAX, INC.,aGeorgia corporation,12COMPLAINT FOR DECLARATORYRELIEF, INJUNCTIVE RELIEF, ANDDAMAGESDefendant.1314DEMAND FOR JURY TRIAL1516PlaintiffGary Campbell ("Plaintiff'), individually and17similarly18against Defendant Equifax, Inc., by19personal knowledge20all other matters,21and states thesituatedconsumersasonbehalf of all otherof the United States, files this class actionto factsandpertainingthroughhiscomplaintundersigned counsel, uponto him and on information and beliefbrings this action against :22PiviOTAL23CLASS ACTION COMPLAINT- 11 AW GROUPIBM Building, Suite 12171200 5th Avenue, Seattle, WA 98101phone 206-340-2008 I fax 206-340-1962www.Pivota I LawG rou p.com

Case 1:17-cv-05491-TWTDocument 1Filed 11/03/172 of 29Page12NATURE OF THE ACTION3boasts: "We have builtEquifax1.reputationourcustomers,. and to4deliver reliable information to5confidentiality6and security of information, both online and offline, isofpersonalThis ytop priority for Equifax."eventhoughthe names, addresses,accessoverpopulationof the Unitednumbers forapproximately145 million United States consumers—almost half the10privacy andtheEquifax's "Privacy" webpage remains,security allowed third partiesfailed dataaprotectSecurity numbers, and other personally identifiable information ("P11") ofSocial9information abouton7ourcommitment toon ourStates.Equifax3.1112209, 000 United States13(that contained additional P11)consumers wereSince its initial disclosure,forcardthat creditalso admitsaccessed,approximately 182, 000Equifaxdispute documentationas wasUnites States consumers.has admitted that credit card transactionhistory14going15This data breach4.16on117back to November 2016July 29, 2017,While5.did not18Equifax192017, well20whenapparentlyalso included forrealized itsEquifax allegedly learnedthe Breachmonth later. Thisannouncesomeaffected individuals.("Breach") purportedly beganEquifax finallyacknowledgeover awasorsecurityhad beenof the Breachinform thedelay, coupledpublicwiththe data breach after the end of theseveral of its executives unloadedsomemid-Mayinstock worthand endedcompromised.July 29, 2017,onSeptember 7,untilEquifax'sdecision totrading day (and afterapproximately 2 million),2122PIVOTAL23LAW GROUPCLASS ACTION COMPLAINT- 2IBMBuilding,Suite 12171200 5th Avenue,Seattle, WA 98101phone 206-340-2008 Iwww.P iv eta Ifax 206-340-1962LawGroup.com

12beliesto doEquifax'sclaim that itbegan notificationEquifax6.has since revealed the truesoftware4vulnerabilityin the open5engagedindependent cybersecurityanDespite that,review.6sourceandapplication vulnerability." Equifaxrootcause9vulnerabilitytheiithe Breachalsoand theentirelyacknowledgedpatchhad itthe rity2017,referencingapublic"U.S. websiteout to beentirely preventable.following day that it had beenEquifaxhavepatchawareofpreventedwent out inclaims the Breach started.3Equifax securitybreaches thatprovided Equifaxadvanced warning of their dataPII, creatingstill failed tomassive threat to those whose Pllonly that, but,Equifax confirmedforensicPll of thousands of individuals.16Notcomprehensiveits software when notice of thesecurity shortcomings, yet Equifax9.claims that itEquifaxSecurity numbers and otherevents should haveaapatchableaadditional week before revealing theantheof the Breach:early March 2017.2 Equifax could1517vague,The Breach followed other recent1318enough informationfive weeks from discovery towerewaitedMarch 2017—some two months before8.14it hadStruts.firm to conductsecurity breach, which turnedEquifax7.1012of thecauseApachedespite havingnotification, Equifax's initial disclosures8as soon as3 of 29Pageso.37Filed 11/03/17Document 1Case 1:17-cv-05491-TWTthat it hadIncident &wasimproperly safeguarded.two weeks after its initial disclosure of the Breach,experienced yetImportantadequately safeguard consumers'another security incident earlier in theConsumer Information(Consumer Notice), Equifax er-notice/.Details onCybersecurity incident, Announces PersonnelChanges, Equifax Investor Relations (Sept. 15, 2017), 17/09-15-2017-224018832.Accounts in One Fell Swoop,3Brian Krebs, "Equifax Hackers Stole 200k Credit CardKrebsOnSecurity (Sept. 14, 2017), /2Pressrelease, "Equifax ReleasesP 1 'IOTA L23LAW GROUPCLASS ACTION COMPLAINT- 3Building, Suite 12171200 5th Avenue, Seattle, WA 98101205-340-200B I fax 206-340-1962IBMphonewww.PivotalLawGroup.com

Document 1Case 1:17-cv-05491-TWT1year, before theexperienceda3shore up itssecurity4itssecurityincidentinvolvingaSenator Mark Warner10.stated that "it isCybersecurity Caucus,suchasthis(D-Va.),exposing highlysensitivenowho heads theidentity management s morepersonalto creditfullyis filedandfinancialtransactionssuggest thataSenatebreachand financial information central forrepresentsareal threat to the economicdescribed herein. Asonareresult ofafarmorelikelyfraud, including fraudulently filedexistinglines of credit,14myriadpay for credittaxobtaining governmentvictimizedbywillful failure toto suffer fromidentityreturns, fraudulentbenefits inopenedavictim'sin their names,other risks. Due to these risks, the victims of the Breach will have tomonitoringandidentity theft protection16into the future, and many will seek such services from17thatexposedwereEquifax'sname, and the creation of fraudulent financial accountsamongbipartisanbehalf of all persons whoonthe Breach, Plaintiff and the Class1315notice thatof Americans."511.10accesstoexaggeration712onfailed tosecurity was wholly inadequate.458Equifaxdespite repeatedly being putbefore the BreachEquifaxtax season,service."5payroll-related4 of 29PageBreach, telling NPR that, "during the 201626Filed 11/03/17their information in the firstservices faramorethanayearcompany other than theoneplace. Ultimately, victims of the Equifax184MerritKennedy, "EquifaxConfirms Another'Security Incident,NPR(Sept. 19, way/2017/09/19/552124551/eq uifax-confirrns-anothersecu rity-202122incident; see also Michael Riley, Anita Sharpe, and Jordan Robertson, "Equifax Suffered a HackAlmost Five Months Earlier Than the Date It Disclosed, Bloomberg Technology (Sept. 18, 2017, 2:65https://www. bloomberg.com/news/articles/2017-09-18/eq u ifax-is-said-to-suffer-a-hack-earlierp. m.),than-the-date-disclosed ("The revelation of a March breach will complicate the company's efforts toexplain a series of unusual stock sales by Equifax executives.").5Lee Mathews, "Equifax Data Breach Impacts 143 Millio

1 Case 1:17-cv-05491-TWT Document 1 Filed 11/03/17 Page 2 of 29 1 2 NATURE OF THE ACTION 3 1. Equifax boasts: "We have built our reputation on our commitment to 4 deliver reliable information to our customers,. and to protect the privacy and 5 confidentiality of personal information about consumers. Safeguarding the privacy 6 and security of information, both online and offline, is a top .