Fact Check

Does Equifax's Credit Monitoring Service Bar Users From Joining a Class-Action Suit Against Them?

After a massive data breach, the terms of service for an Equifax product spawned allegations that the company was trying to curb potential legal action.

Published Sep 8, 2017

Updated Sep 27, 2017
If you sign up for Equifax's credit-monitoring service, you cannot join any class-action lawsuit against the company.
What's True

The terms of service for Equifax's credit monitoring service, TrustedID Premier, say that users give up their right to participate in a class-action lawsuit or arbitration.

What's False

Those who user TrustedID Premier do not give up their right to participate in a class-action lawsuit or arbitration against Equifax over the 2017 data breach.

After the credit-reporting company Equifax revealed on 7 September 2017 that a cyber-attack had exposed personal data for 143 million U.S. residents, the company promoted its service TrustedID Premier as a way for people to see if their information was stolen in the 29 July 2017 data breach.

But critics highlighted a clause in TrustedID's terms that required people enrolling in the service to forfeit their right "to bring or participate in a class action, class arbitration, or other representative action":

This arbitration will be conducted as an individual arbitration. Neither You nor We consent or agree to any arbitration on a class or representative basis, and the arbitrator shall have no authority to proceed with arbitration on a class or representative basis. No arbitration will be consolidated with any other arbitration proceeding without the consent of all parties. This class action waiver provision applies to and includes any Claims made and remedies sought as part of any class action, private attorney general action, or other representative action. By consenting to submit Your Claims to arbitration, You will be forfeiting Your right to bring or participate in any class action (whether as a named plaintiff or a class member) or to share in any class action awards, including class claims where a class has not yet been certified, even if the facts and circumstances upon which the Claims are based already occurred or existed.

As of 8 September 2017, Equifax created a website, web site, EquifaxSecurity2017.com, addressing concerns over the issue, which stated that the cyber attack is not covered by TrustedID Premier's arbitration clause:

Do the TrustedID Terms of Use limit my options related to the cyber security incident?

The arbitration clause and class action wavier included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.

New York state Attorney General Eric Schneiderman, whose office is investigating the data breach, said on Twitter that Equifax posted the statement "after conversations [with his] office."

We contacted Schneiderman's office seeking further comment but have yet to hear back. Equifax sent us a statement saying:

In response to consumer inquiries, we have made it clear that the arbitration clause and class action
waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity

However, other users have said that TrustedID's tool told them their data "may have been impacted" if they entered "test" as their last name and "123456" as the last six digits of their social security number. We entered the same number and "Smith" as a last name and got the same result. We contacted Equifax seeking comment but have not received a response.

The company was also criticized following reports that a trio of executives -- Chief Financial Officer John Gamble, U.S. Information Solutions President Joseph Loughran and Workforce Solutions President Rodolfo Ploder -- sold a combined $2 million in company stock on 1 August and 2 August 2017.

Equifax said that the three officials were unaware of the data breach at the time they sold their stock.

The company announced on 26 September 2017 that chief executive officer Richard Smith would resign from both that position and his role as the chairman of the company's board. Paulino do Rego Barros Jr. was appointed as interim CEO, while another board member, Mark Feidler, will serve as "non-executive chairman."

As of 27 September 2017, Smith was scheduled to testify before the Senate Banking Committee at a hearing concerning the data breach.


Burns, Matt. "Equifax Data Breach Help Site Leaves Consumers with More Questions Than Answers." TechCrunch. 7 September 2017.

Selyukh, Alina. "3 Equifax Executives Sold Stock Days After Hack That Wasn't Disclosed For A Month." NPR. 8 September 2017.

Whittaker, Zack. "We Tested Equifax's Data Breach Checker — And It's Basically Useless." ZD Net. 8 September 2017.

Puzzanghera, Jim. "Equifax CEO Steps Down After Data Breach; He'll Still Get $18-Million Pension." Los Angeles Times. 26 September 2017.

U.S. Senate Committee on Banking, Housing, and Urban Affairs. "An Examination of the Equifax Cybersecurity Breach."


Updated [11 September 2017]: Added a statement from Equifax.

Updated [11 September 2017]: Updated with information on Trusted ID's tool for checking whether a user's data had been compromised.

Updated [27 September 2017]: Added information about CEO Richard Smith's resignation and scheduled appearance at a Senate Banking Committee hearing.

Arturo Garcia is a former writer for Snopes.