The Suffolk County Superior Court in Massachusetts released a decision [text, PDF] Wednesday, denying Equifax a motion to dismiss and allowing the commonwealth to move forward in its lawsuit against Equifax for its data breach [NYT report].
Equifax sought to dismiss the claims against them under Rule 12(b)(6) [rule text] of the Massachusetts Rules of Civil Procedure for failure to state a claim upon which relief can be granted.
Massachusetts alleged that Equifax did not take the proper steps to guard personal information and did not promptly inform consumers about the data breach or take appropriate steps to remedy that breach. The court discussed that the complaint filed by the state had adequately alleged violations of the Massachusetts Data Breach Notification Law (General Laws Chapter 93H), The Massachusetts Data Security Regulations (201 CMR 17.00), and the Massachusetts Consumer Protection Act (General Laws Chapter 93A)[legislation texts].
Cybersecurity has been a growing concern of data breaches with the Uber breach in March, the SEC issuing a statement in February warning public companies to disclose breaches to their customers, and the data breach of the Office of Personal Management[JURIST reports] in the fall to name a few.