Read about it in this article by Kevin McCoy. An excerpt:
Filed in 14 states and the District of Columbia, the federal lawsuits target either Equifax or the company's Equifax Information Services subsidiary. The legal complaints cite a range of legal claims, including alleged security negligence by Equifax, the delay in alerting the public and concerns about the free credit monitoring service the company has offered consumers. Noting that Equifax experienced smaller cyberbreaches in 2013, 2016, and earlier this year, the lawsuit filed in California federal court on behalf of Ehud Gersten and Hannah Obradovich charges the company "knew and should have known of the inadequacy of its own data security." Equifax's delay in alerting consumers was "willful, or at least negligent," argued the case filed in Illinois federal court on behalf of Dan Lang and Russell Pantek. As a result, "consumers were deprived of their opportunity to meaningfully consider and address issues related to the potential fraud, as well as to avail themselves of the remedies available under the FCRA (U.S. Fair Credit Reporting Act) to prevent further dissemination of their private information," the Illinois lawsuit alleged. A California federal court lawsuit filed on behalf of Richard Spicer and Julia Gutierrez in part focused on Equifax's offer to register consumers for a free year of credit monitoring from TrustedID. "Equifax failed to disclose to consumers that it owned TrustedID, and its long-term business model turns on baiting consumers into signing up for its services," the California case alleged. "In other words, Equifax sought to turn its failure to protect consumers' sensitive data into a clandestine money-making opportunity."