Equifax turns to King & Spalding to defend data breach class actions

Equifax has turned to King & Spalding chief privacy officer Phyllis Sumner to serve as lead defence counsel in more than 70 class actions brought over its massive data breach, according to sources familiar with the litigation.

Sumner, a partner in the US firm’s Atlanta office, is head of the data security and privacy practice at the firm and has represented Equifax in other class actions. She also represented Home Depot in settlements over its 2014 data breach.

Sumner and a spokeswoman for Equifax, which is also based in Atlanta, did not respond to requests for comment.

The breach, announced on 7 September, has compromised the names, social security numbers, birth dates and other personal information of an estimated 143 million people.

In its statement on the breach, Equifax said it had ”also identified unauthorised access to limited personal information for certain UK residents”, and that it would work with UK regulators to “determine the appropriate next steps”. According to Equifax, the company ”is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard them”.

This week, lawyers filed motions before the US Judicial Panel on Multidistrict Litigation to have all the cases transferred to Georgia.

Many of the class actions brought over the data breach have focused on the Fair Credit Reporting Act (FCRA) – specifically, that Equifax failed to protect customer data and furnished sensitive information to third parties in violation of the statute.

The FCRA allows for individual statutory damages of up to $1,000, punitive damages and lawyer fees and costs. Equifax has lobbied Congress, arguing it should limit damages under the FCRA.

Sumner has defended Equifax in other FCRA cases, including complaints that have alleged the credit reporting agency provided inaccurate information about individuals in their credit reports.

Sumner is no stranger to handling crises on behalf of her clients. In November, she told The Daily Report: “I truly enjoy being a crisis manager and bringing order and strategy to managing complex litigation and multiple work flows. Clients respond with confidence and a sense of relief and we all work as a team more effectively.”

In April, she was a panellist alongside Laura Riposo VanDruff, assistant director in the division of privacy and identity protection at the Federal Trade Commission, at a seminar on cybersecurity and privacy hosted by King & Spalding. The topic of her panel was: ‘The Government’s Regulatory and Law Enforcement Authority in the Cybersecurity and Privacy Arena: Developments in the Courts and in the Executive Branch.’

On Thursday, the FTC confirmed that it had launched a probe into the Equifax breach.