I am not a lawyer but intent appears to play a big role. A company that is negligent or incompetent will always face a lesser repercussion than one who acts deliberately.
Now of course this is not to exonerate Equifax whose entire premise rests on safeguarding sensitive information. From the consumer side, the 2 incidents are equally bad.
Not that I completely disagree with you, but lets not pretend that leaking SSN is equivalent to possibly leaking emails and passwords. One of those is far more important than the others. There was also tons of evidence of insider trading by Equifax execs. If anything the Equifax stuff proved to me that the American public doesn't care about privacy and so neither should investors.
Email password, of course. I give out my ssn for identification to various organizations. I NEVER give out my email password to anyone except my email provider
> whose entire premise rests on safeguarding sensitive information
Is this a joke? You are not Equifax's customer and they do not need your trust. Their entire premise is selling information about you, to people who do not trust you. Securing your data is something they have to do for compliance, not a core part of their business.
Now of course this is not to exonerate Equifax whose entire premise rests on safeguarding sensitive information. From the consumer side, the 2 incidents are equally bad.