Flood Watch
from FRI 11:00 AM MST until SAT 11:00 PM MST, Yavapai County Mountains, Little Colorado River Valley in Coconino County, Little Colorado River Valley in Navajo County, Little Colorado River Valley in Apache County, Eastern Mogollon Rim, White Mountains, Northern Gila County, Yavapai County Valleys and Basins, Oak Creek and Sycamore Canyons, Western Pima County including Ajo/Organ Pipe Cactus National Monument, Tohono O'odham Nation including Sells, Upper Santa Cruz River and Altar Valleys including Nogales, Tucson Metro Area including Tucson/Green Valley/Marana/Vail, South Central Pinal County including Eloy/Picacho Peak State Park, Southeast Pinal County including Kearny/Mammoth/Oracle, Upper San Pedro River Valley including Sierra Vista/Benson, Eastern Cochise County below 5000 ft including Douglas/Wilcox, Upper Gila River and Aravaipa Valleys including Clifton/Safford, White Mountains of Graham and Greenlee Counties including Hannagan Meadow, Galiuro and Pinaleno Mountains including Mount Graham, Chiricahua Mountains including Chiricahua National Monument, Dragoon/Mule/Huachuca and Santa Rita Mountains including Bisbee/Canelo Hills/Madera Canyon, Santa Catalina and Rincon Mountains including Mount Lemmon/Summerhaven, Baboquivari Mountains including Kitt Peak, Kofa, Central La Paz, Aguila Valley, Southeast Yuma County, Gila River Valley, Northwest Valley, Tonopah Desert, Gila Bend, Buckeye/Avondale, Cave Creek/New River, Deer Valley, Central Phoenix, North Phoenix/Glendale, New River Mesa, Scottsdale/Paradise Valley, Rio Verde/Salt River, East Valley, Fountain Hills/East Mesa, South Mountain/Ahwatukee, Southeast Valley/Queen Creek, Superior, Northwest Pinal County, West Pinal County, Apache Junction/Gold Canyon, Tonto Basin, Mazatzal Mountains, Pinal/Superstition Mountains, Sonoran Desert Natl Monument, San Carlos, Dripping Springs, Globe/Miami, Southeast Gila County

San Francisco first city in U.S. to sue Equifax for failing to protect 15M Californians

San Francisco's City Attorney on Tuesday filed a lawsuit against credit reporting company Equifax for failing to protect the personal data of more than 15 million Californians.

San Francisco is the first city in the country to sue Equifax over the massive data breach that compromised the personal information of 143 million U.S. consumers. The company disclosed the breach on Sept. 7, six weeks after it learned its system had been compromised. The suit was filed in San Francisco County Superior Court.

"Equifax's incompetence would be comical if the subject matter weren't so serious," Dennis Herrera said in a statement. "This company fell asleep at the switch and upended the lives of millions of people. The information that Equifax failed to safeguard is what people need to open a bank account, buy a home or rent an apartment. Now Californians have been put at risk of identity theft for years to come."

In an email sent to KTVU, Equifax wrote: "We cannot comment on pending litigation, but want to reassure consumers that we are remaining focused on helping them navigate the situation and providing the best customer support possible. We are listening to issues consumers have experienced and their suggestions, which are helping to further inform our actions as we continue to improve this process."

Also on Tuesday, Equifax ousted CEO Richard Smith in an effort to clean up the mess. Paulino do Rego Barros Jr. was named interim CEO, while board member Mark Feidler was appointed non-executive chairman.

According to San Francisco's lawsuit, Equifax:
-- failed to implement and maintain reasonable security procedures and practices
-- failed to provide timely notice of the data breach to affected California consumers
-- failed to provide complete, plain and clear information


The lawsuit seeks restitution for California consumers, civil penalties of up to $2,500 per violation of the law, and a court order requiring Equifax to implement and maintain appropriate security procedures for the highly sensitive information it handles.

Equifax Inc. is providing a year of free protection against identify theft for anyone who wants it, but some lawmakers are trying to pressure the company into extending that offer for the next decade. Some experts say that still isn't enough to guard against identify theft and are advising consumers to put a freeze on their files at Equifax, Experian and TransUnion to prevent anyone from getting a loan under their names.

Equifax collects names, phone numbers, addresses, social security numbers, dates of birth, financial account information and other data for 820 million consumers worldwide.

However, it uses an open-source software called Apache Struts on its website. Equifax didn't install a freely available "patch" to fix a vulnerability with the software after that security problem was detected and publicly announced on March 7, by various organizations, the suit contends. Herrera is alleging that Equifax could have prevented the data breach by implementing the free patches and fixes provided by the Apache Software Foundation in March 2017.

"When you're dealing with highly sensitive information, keeping your software up to date is such a basic step," Herrera said in a statement. "Equifax also could have encrypted this information or segmented the data in separate databases to prevent hackers from being able to access all of a person's information at once. Equifax did none of that."