Artboard 1Icons/Ionic/Social/social-pinterest

Equifax ordered to pay $3.5 million for breach of consumer law

03 October 2018

#Competition & Consumer Law, #Data & Privacy

Equifax ordered to pay $3.5 million for breach of consumer law

Following admissions that it breached Australian Consumer Law prohibitions on false and misleading representations in 2016-17, Equifax Australia Information Services and Solutions Pty Ltd (formerly known as Veda) (Equifax) has been ordered to pay $3.5 million by the Federal Court.

The order follows joint submissions made by Equifax and the Australian Competition and Consumer Commission (ACCC), which commenced proceedings earlier in the year in relation to false and misleading representations made by Equifax to consumers during telephone calls. Equifax, the largest consumer credit reporting agency in Australia, speciously told consumers that:

  • its paid credit reports were more comprehensive than the free report which consumers are entitled to by law - they are in fact the same
  • the credit score provided in its paid reports was the same one used by credit providers in assessing their credit application - credit providers may rely on alternative credit scores and credit score providers
  • its credit report packages attracted a single one-off payment only – automatic renewals meant consumers would continue to be charged unless they opted out.

The misconduct encouraged consumers to acquire paid credit reporting services in circumstances where they were not required, or were already entitled to free access under the Privacy Act 1988 (Cth). Further admissions of unconscionability were made by Equifax in relation to three particularly vulnerable consumers. 

In addition to the $3.5 million penalty, Equifax has also agreed to establish a 180 day consumer refund and redress scheme.

The decision follows the Interim Report of the Financial Services Royal Commission into similar allegations of misconduct in the banking sector and comes at a difficult time for Equifax, whose UK-based company Equifax Ltd has just been issued with a £500,000 fine by the UK’s privacy regulator in relation to a privacy data breach in 2017. The details on this decision and the impact for privacy are set out in our article here.

Authors: Lyn Nicholson & Georgia Milne


Lyn Nicholson, General Counsel
T: +61 2 8083 0463

Dan Pearce, Partner
T: +61 3 9321 9840

Trent Taylor, Partner
T: +61 7 3135 0668

The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this publication is accurate at the date it is received or that it will continue to be accurate in the future. We are not responsible for the information of any source to which a link is provided or reference is made and exclude all liability in connection with use of these sources. 

Share this