I won $8,000 from Equifax in Small Claims Court. Here’s how you can, too.

It’s not a get-rich-quick scheme, but it is an opportunity to show Big Corp what you’re made of.

When I first found out about the Equifax data breach, it seemed like a hilarious case of corporate incompetence. At the office, we all sat around clicking into the TrustID website like an inconsequential Buzzfeed quiz called, “Have you been hacked? Just answer this one simple question about your social security number to find out!” And it was all good fun until I saw the screen that said: your data has been leaked.

Yep, I was hacked. Here’s the screenshot.

In September, Equifax, one of three nationwide credit-reporting companies that track and rate the financial history of U.S. consumers, leaked the data of 143 million Americans. That includes names, Social Security numbers, birth dates, addresses, and the numbers of some driver’s licenses.

The ensuing uproar led many people to take legal action. First, class action attorneys scrambled to file lawsuits. Then, DoNotPay released a chatbot that helped you find paperwork for New York and California to file in small claims court. (In full disclosure, my company, Legalist, also offered to help pay for court costs on a contingency basis for enterprising small claims litigants.)

I also filed my own lawsuit against Equifax, half expecting to have my case dismissed, and half expecting Equifax to not even show up. In fact, Equifax did appear.

I stood up against Equifax’s representative in front of a judge and pled my case — and won $8000.

Here’s how it happened:

A snippet from my pleadings

September 19, 2017

Believe it or not, despite co-founding a litigation finance company, filing my small claims action against Equifax was the first time I had ever stepped foot in court. I came prepared: my completed SC-100, the small claims complaint form, and a check for $90. The filing fee is only $75, but unless I was prepared to drive to Sacramento and hire a process server to deliver to Equifax headquarters, I had to utilize the court-certified mail service process, which costs $15. The young man at the front desk took my papers without comment and layered a stamped cover sheet on top.

I was delighted to get my court date right away, and to find that trial was relatively soon: November 9, 2017. Your average civil case takes 1–2 years to go to trial, and here I was, gearing up for court in a mere month and a half.

That is, until Equifax interfered.

October 31, 2017

At the end of October, I got a letter from the court notifying me that Equifax had pushed back the court date until January 3, 2018. At first, I was confused as to why. After some browsing on the Superior Court website, it quickly became apparent: while original trial dates were randomly assigned based on date of filing, Equifax had persuaded the San Francisco Superior Court to lump all the Equifax small claims cases together into one court session, with ten, fifteen plaintiffs all presenting their cases at once.

Honestly, that didn’t seem like fair play to me. The point of small claims court is that each person gets their case evaluated on their own merit. By lumping all the cases together, I was worried my case wouldn’t get the consideration it deserved.

That just meant I had to prepare 10x as hard to present a strong case.

Continuing my case until January

January 2, 2018

Day before Trial

New Year’s passed. My parents were visiting from England, and offered to come watch my trial. I told them under no circumstances were they allowed to come and watch or else I would physically be ill.

The easiest part to prove was liability and the willfulness of the breach. Six months before hackers attacked one of the company’s web portals and siphoned out data on a 145 million Americans, they were warned of a flaw that could have allowed exactly that seriousness of attack — and they ignored it. Not to mention that collecting, keeping, and selling our data is Equifax’s entire business.

The hardest part to prove was damages. Unfortunately, the heightened risk of identity theft is difficult to quantify in terms of damages. Like many Americans, I’ll always have to look over my shoulder, check my credit score, and make sure new credit cards are not being opened in my name — all because of corporate greed and misconduct. Sadly, these speculative damages are not normally looked well upon small claims court, which is more often used to recover exact amounts of unreturned security deposits and the like.

So basically, I was a little bit screwed.

January 3, 2018 8:30am

Trial Day

I arrived at court at 8:30am for Trial Day. There were 12 of us packed into the hour, but 7 were no-shows, including several Equifax plaintiffs that Legalist had funded court costs for. (Just to clarify, if you receive funding from Legalist, you are contractually obligated to show up for trial, but that’s a separate matter). I was second in line.

The Equifax representative was present as well, and she sat directly in front of me. She looked like a nice lady, with a neat packet and a red coat that she laid on the seat next to her. I knew she was probably a nice person, but as a corporate mouthpiece, she represented my adversary.

The clerk instructed us to exchange evidence with the Equifax representative, and I handed over the print-outs I had made the night before: of my screenshot saying I had been hacked, my Lifelock receipt, and the news articles on Equifax executives leaking our data, dumping their stock, and subsequently sharing links to phishing websites that lured consumers into (yet again), giving hackers their data. The Equifax lady looked at all the documents impassively.

Our judge that day would be Michelle McGill, a real estate lawyer in San Francisco who was acting as judge pro tem. That means it’s basically a lawyer that the Superior Court got to put on a nice black robe and act as a judge for the day to resolve the petty disputes of commoners. Fine fine.

Pro tip: Always address the judge as “Your Honor.”

The first plaintiff was called up. He was deaf, and had an interpreter with him. Ever since the Equifax breach, he had been getting spam calls from random numbers and locations he didn’t recognize. The judge looked skeptical. The Equifax representative piped up, and said, the plaintiff had not incurred any damages, but that if he was concerned, he should sign up for TrustID, Equifax’s free credit monitoring service. The judge asked if he had any evidence that the spam calls were linked to Equifax. He said he didn’t. She told him to sit down.

“Christian G. Haigh, you may approach the bench.” I stood up.

“What do you seek and why?”

My hands were sweating a little. I suddenly thought, this is why criminal defendants are allowed to plead the 5th. Because being interrogated by a judge is really freaking terrifying.

I started to read my speech. Equifax leaked my data, yada yada, but more importantly, they didn’t care. Bloomberg reported that three of the company’s senior executives sold nearly $1.8 million in shares after the company learned internally of the data breach, but before the announcement was made to the public.

This was apparently new to the judge. She looked at the Equifax representative, “Is it true that Equifax executives dumped their stock after internal news of the breach, but before it was announced to the public?”

The Equifax representative looked temporarily flustered. “I’m not sure, Your Honor.” She looked frantically through her packet of talking points. “I haven’t been given that information.”

The judge looked at her calmly. “Thank you.”

The ten minutes passed faster than I thought. Several plaintiffs came after me, and at the end of the session, the judge announced that we should all go home and wait for our judgments to come in the mail.

The only thing left was to keep my fingers crossed.

January 18, 2018

I had been checking my SF Superior Court docket every other day since the trial, so it took me by surprise when I finally saw the long-awaited judgment, while waiting in line at Whole Foods. Not only had my case not been dismissed, but I had won a sizable victory of almost $8,000.

Here is a breakdown of the damages I was awarded:

Cost of Credit monitoring (120 months at $30 per month) $3,600
Ongoing emotional distress, anxiety, concerns, and harassment $1,800
Punitive damages under 15 USC 1681 Section 616 for willful non-compliance with the requirements of the Fair Credit Reporting Act $2,500
Court costs $90
Total judgment: $7,990.

Findings and Memorandum by the lovely Judge McGill

Some Learnings:

Always come prepared

The best way to show up your opponent in small claims court is to be more prepared. I printed out all my news articles about the Equifax breach for the judge’s review, as well as my Lifelock receipt to justify my damages. If you’re getting spam calls or spam emails, you should bring recordings and printouts whenever possible.

List out your damages

Fair game damages include: credit monitoring services for ten years, Fair Credit Reporting Act, time spent dealing with spam calls and emails.

Emphasize corporate greed

Punitive damages are the easiest way to get outsized rewards. The best way to justify getting punitive damages is to emphasize the willful intent of Equifax in leaking our data, and the greed they showed in cleaning up the aftermath.

Show up to court

This is a no-brainer, but I looked up the woman who came after me as well as the man who preceded me. They both got similar awards in the $8000 range. Just showing up to court could mean a significant judgment.

Conclusion

I’ve always been passionate about data privacy, which is why the Equifax incident made me so angry.

As money expert Clark Howard wrote about the Equifax breach, “When your whole business is cataloging information on Americans without our permission, packaging us, slicing and dicing us, building these dossiers, and then selling us off over and over again, you have to keep our data secure.”

My judgment

Companies like Equifax need to be taught that consumers are more than commodities. In a world of big data, it’s inevitable that personal data will be collected and sold by companies.

Yet each of those dossiers belongs to a person, and that’s what I enjoyed so much about small claims court.

I may have been one of 143 million Americans who were victims of the Equifax data breach, but for a moment on the stand, I was just an individual, here to make my case.

(Disclaimer: I may have won $7990.00 but 33% of my earnings belong to my company, Legalist, which helped to pay for the legal fees and court costs. Further disclaimer: I am not your lawyer, and this is not legal advice. Results not guaranteed and probably vary significantly depending on the judge you end up with.)

Christian Haigh is the co-founder and CTO of Legalist, a litigation finance company in San Francisco, California. Legalist has funded many small claims cases against Equifax in exchange for repayment only if the case is successful.