[jjeaff]

As far as I'm concerned, every single act of identity theft that occurred after the breach where at least one piece of data leaked in the breach was used, are damages. Sure, it might have happened anyway, but it doesn't really matter which illicit source they got it from it was available anyway.

Just like in an assault/homicide case, if a victim has a heart attack and dies soon after you assaulted them, you can't prove that the attack led to the heart attack. Could just be bad timing. But most courts and juries would likely find the assaulter guilty to some extent.

[JumpCrisscross]

> it might have happened anyway

This isn’t how civil damages work in any jurisdiction.

> like in an assault/homicide case

Apples and oranges. If the only way we can finger Equifax is by equating their actions to violent crimes, there is no case. That is increasingly my conclusion. These leaks have little to no actual cost.

[jjeaff]

In the case of the equifax leak, I don't think they have shown up in large tranches on the dark web like other leaks. Which I think suggests that it may have been a state actor. So Equifax's negligence has created a national security issue. Imagine how a state actor could cripple the financial system by using bots to open millions of accounts en-masse and start taking out loans or whatever. Banks would have to shut down until they could figure out which accounts are fraudulent.