A judge has ruled that the state of Massachusetts can move forward with its lawsuit against Equifax.
According to Reuters, the suit alleges that the credit reporting firm failed to protect its databases or provide prompt notice of the massive data breach that exposed the personal data of 147 million people.
Last year, it was revealed that Equifax had experienced a cybersecurity incident that at the time was believed to have impacted approximately 145 million consumers in the U.S., as well as the credit card numbers of approximately 209,000 people.
The breached information included names, Social Security numbers, birthdates, addresses and, in some instances, drivers’ license numbers.
Then last month, the company announced that it had identified 2.4 million more consumers in the U.S. whose partial driver’s license information was stolen.
The breach resulted in several lawsuits filed against Equifax, including one by Massachusetts Attorney General Maura Healey.
“Equifax knew about the vulnerabilities in its system for months, but utterly failed to keep the personal information of nearly three million Massachusetts residents safe from hackers,” said Healey at the time. “Equifax needs to pay for its mistakes, make our residents whole and fix the problem so it never happens again.”
On Wednesday, Suffolk County Superior Court Judge Kenneth Salinger in Boston denied a motion by Equifax to dismiss the lawsuit, writing that it had a plausible claim that the company breached its legal duties to prevent any reasonably foreseeable risks to its data security, as well as to take care of any reasonably up-to-date fixes to its software.
“These allegations state a viable claim for violation of the data security regulations,” Salinger wrote.
Equifax did not immediately respond to a request for comment. Healey’s office also had no immediate comment.
In addition to class action lawsuits, Equifax is also facing investigations by more than 40 state attorneys general and a probe by the U.S. Federal Trade Commission.