On September 7, Equifax Inc. announced the cyber security breach that could potentially impact 100 million U.S. consumers. In addition to Equifax’s main website, Equifax.com, the company set up a dedicated website — www.equifaxsecurity2017.com — for consumers wanting to confirm whether their information was breached. Between September 8 and September 15, China Capital Investment Limited filed in excess of 125 domain names that included multiple typosquatting versions of the website including equifaxdatabreach2017.com, equifaxsecuriy.com and 2017equifax.com, to name only a few. The domains were connected to monetized parking pages with a banner announcing that the domain name was for sale.
Equifax filed a Complaint with the World Intellectual Property Organization (WIPO) requesting transfer of the domains. In the complaint, Equifax alleged not only that the domains were identical or confusingly similar and that China Capital had no right or legitimate interest — pretty standard stuff. In the allegation that the domains were filed in bad faith, Equifax went on to allege that China Capital has been on the receiving end of many similar complaints from well-known trademark owners. Combined with the monetized site as well as the offer for sale, the WIPO Panelist had little difficulty in assessing bad faith.
The case also reiterated that while failure on the part of China Capital to respond to the complaint was not fatal to China Capital’s case. The burden of proof is still on the party filing the complaint. The panelist is allowed “in the absence of exceptional circumstances to draw such inferences as it considers appropriate.” See WIPO’s administrative panel decision.
A good practice tip: whether good news or bad news is being communicated from a company, a watch of new domain names should be considered. Take immediate action and review whether the respondent has been determined to be a serial squatter.