A few weeks ago, we reported that Equifax was successful in wresting over 125 domain names from squatters who were hoping to cash in on the publicity behind the Equifax security breach. For those that have been in a sensory deprivation tank for the last few months, on September 7th of this year, Equifax Inc. announced a cyber security breach that could potentially impact 100 million US consumers. On December 5th, the World Intellectual Property Office issued a second decision involving Equifax related domains against a different Respondent with a well reasoned opinion that requires the transfer of some, but not all of the domains stating that “Scandals spawn hashtags and disasters breed domain names”.

Warpaint Resources LLC had registered 135 domain names the next day. These include EFXbreach.biz, EFXbreach.club, Equifax breach.guru, etc. (the “28 domain names”), efxhack.attorney, equifaxfuckedme.com, equifaxhackedus.com (the “107 domain names”). Warpaint argued that the domain names were not confusingly similar. Warpaint claims it was retained by an attorney to develop a communication strategy to provide information to consumers about the data breach and regarding the possiblility of filing individual and class action lawsuits against Equifax. The 28 domain names were transferred to Equifax Inc. while the Respondent retained ownership of the 107 domain names. The panel had no issue in concluding that all 135 of the domain names met the confusingly similarity requirement for establishing standing. The panel also determined that some of the marks fell into the category of fair use for purposes of asserting a legitimate interest in the Domains. Those domains that trigger an inference of affiliation with Equifax’s rights (the 28 domain names) that include the more neutral term of “breach” in association with the Equifax trademarks. The panel found that these domains were inherently likely to engender confusion as to source or affiliation and are likely to “misleadingly divert consumers…for commercial gain”. The panel concluded that the Respondent had legitimate interests based on the nature of the 107 domain names that included terms like “hack”, “lawsuit” and “equihax” as it was unlikely to cause confusion as Equifax would not utilize such domain names itself nor would it be likely that consumers would believe that such domains emanated from Equifax. Therefore, the 107 domain names were not transferred.

The panel did issue a cautionary note to the Respondent that if they were to turn to a pay per click (PPC) monetization of the 107 domains, the panel might view these domains differently and even mentioned that allowing domain names that incorporate or mimic another party’s trademarks to be used for monetized PPC landing pages is irresponsible, unfair to the trademark owner and inconsistent with Respondent’s obligations under the registration agreement. The panel then takes the “unusual step of entering this Decision expressly without prejudice” so that Complainant may refile a Complaint after either websites are published or if any of the domains continue to be used by third party advertising landing pages after a reasonable transition period.

So. Today’s lesson incorporates a few thoughts: It is potentially legitimate to utilize another’s trademarks in your domain names if there is a legitimate fair use of the trademarks. However, companies defending their trademarks are encouraged to continue to monitor the domain registrations and subsequent webpages that resolve from the domain names. All may not be lost.