DECISION

 

Equifax Inc. v. Robert Dow / Warpaint Resources LLC

Claim Number: FA1709001750800

PARTIES

Complainant is Equifax Inc. (“Complainant”), represented by Douglas M Isenberg of The GigaLaw Firm, Douglas M Isenberg, Attorney at Law, LLC, Georgia, USA.  Respondent is Robert Dow / Warpaint Resources LLC (“Respondent”), represented by Jason E. Mueller of LOCKE LORD LLP, Texas, USA.

 

REGISTRAR AND DISPUTED DOMAIN NAMES

The domain names at issue are <efxbreach.us>, <efxhack.us>, <efxlawsuit.us>, <efxsuit.us>, <equifaxbreach.us>, <equifaxhack.us>, <equifaxhackedme.us>, <equifaxlawsuit.us>, <equifaxsuit.us>, <equihacks.us> and <equihax.us>, registered with GoDaddy.com, LLC.

 

PANEL

The undersigned certifies that he or she has acted independently and impartially and to the best of his or her knowledge has no known conflict in serving as Panelist in this proceeding.

 

Katalin Szamosi as Panelist.

 

PROCEDURAL HISTORY

Complainant submitted a Complaint to the Forum electronically on September 26, 2017; the Forum received payment on September 26, 2017.

 

On September 27, 2017, GoDaddy.com, LLC confirmed by e-mail to the Forum that the <efxbreach.us>, <efxhack.us>, <efxlawsuit.us>, <efxsuit.us>, <equifaxbreach.us>, <equifaxhack.us>, <equifaxhackedme.us>, <equifaxlawsuit.us>, <equifaxsuit.us>, <equihacks.us> and <equihax.us> domain names are registered with GoDaddy.com, LLC and that Respondent is the current registrant of the names.  GoDaddy.com, LLC has verified that Respondent is bound by the GoDaddy.com, LLC registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance the U.S. Department of Commerce’s usTLD Dispute Resolution Policy (the “Policy”).

 

On September 28, 2017, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of October 18, 2017 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@efxbreach.us, postmaster@efxhack.us, postmaster@efxlawsuit.us, postmaster@efxsuit.us, postmaster@equifaxbreach.us, postmaster@equifaxhack.us, postmaster@equifaxhackedme.us, postmaster@equifaxlawsuit.us, postmaster@equifaxsuit.us, postmaster@equihacks.us and  postmaster@equihax.us.  Also on September 28, 2017, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.

 

A timely Response was received and determined to be complete on October 18, 2017.

 

Complainant submitted an Additional Submission that was received and determined to be timely on October 23, 2017.

 

On October 24, 2017, pursuant to Complainant's request to have the dispute decided by a single-member Panel, the Forum appointed dr. Katalin Szamosi as Panelist.

 

A timely response was received from the Respondent to the Additional Submission of the Complainant on October 28, 2017.

 

Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2.

 

 

RELIEF SOUGHT

Complainant requests that the domain names be transferred from Respondent to Complainant.

 

PARTIES' CONTENTIONS

A. Complainant

1.    Complainant argues that under Policy ¶ 4(a)(i) Respondent’s <efxbreach.us>, <efxhack.us>, <efxlawsuit.us>, <efxsuit.us>, <equifaxbreach.us>, <equifaxhack.us>, <equifaxhackedme.us>, <equifaxlawsuit.us>, <equifaxsuit.us>, <equihacks.us> and <equihax.us> domain names are identical to Complainant’s “Equifax,” and “EFX,” mark. In support of this Complainant asserts that

·         it or its affiliates own numerous trademark applications or registrations in the United States and around the world for marks EQUIFAX and EFX;

·         each disputed domain name appends a descriptive term and the country-code top-level domain (ccTLD) “.us” to its marks or an abbreviated version of its mark;

·         disputed domain names contain either the EFX Trademark or the EQUIFAX in its entirety plus one or more words related to Complainant and/or the Cybersecurity Incident (such as “breach” or “hack”).

·         Respondent’s <equihacks.us> and <equihax.us> are confusingly similar because each incorporates a typographical variation of Complainant’s EQUIFAX mark and appends the ccTLD “.us,” creating domain names bearing a distinct phonetic similarity with the EQUIFAX mark.

 

2.    Complainant argues that Respondent has no rights and legitimate interests in the disputed domain name under Policy ¶ 4(a)(ii). In support of this Complainant asserts that

·         Respondent is not commonly known by the domain names, nor has Complainant granted any assignment, license, or authorization to utilize the marks in a domain name or otherwise;

·         Respondent does not own a trade or service mark identical to any of the domain names;

·         Respondent fails to use some of the domain names and the other domain names are used in connection with monetized parking pages

 

3.    Complainant argues that Respondent registered and uses the disputed domain name in bad faith under Policy ¶ 4(a)(iii). In support of this Complainant contends that

·         Respondent’s utilization of competitive links on its parked pages indicates bad faith;

·         given the longstanding use of the EQUIFAX mark and Complainant’s trademark holdings, as well as the temporal proximity of the domain name registrations and their clear reference to a recent incident involving Complainant, Respondent likely had actual or constructive knowledge of the EQUIFAX mark;

·          inactive holding of some of the domain names demonstrates bad faith under.

 

B. Respondent

1.    Respondent’s domain names are not identical or confusingly similar to Complainant’s marks. Respondent claims

·         Respondent registered domain names to refer specifically to the data breach event of Complainant and the aftermath it has caused;

·         the domain names identify the event with terms like “breach,” “hack,” “suit” and “lawsuit.”;

·         additional terms sufficiently distinguish the disputed domain names from Complainant’s trademark and services, and the domain names could not be clearer as to the subject matter that will be presented to visitors at the domains.

 

2.    Respondent has rights and legitimate interests in the disputed domain name. In support of this Respondent contends that

·         Respondent is a marketing partner of a law office which engaged Respondent to develop a communication strategy for the law office to provide information to consumers about the security breach which occurred at the Complainant;

·         demonstrable preparations to use the domain names have been made, constituting a bona fide offering of valuable services to consumers;

·         the purpose of acquiring the domain names was to provide general information to consumers who might have been impacted by the security breach which occurred at Complainant;

·         the domain names remain inactive and serve as temporary placeholders;

·         owned the domains for only 20 days before commencement of this proceeding.

 

3.    Respondent did not register the domain names in bad faith in support of which he asserts that

·         Complainant cannot credibly argue that it was prevented from registering Respondent’s domain names merely because Respondent did so first;

·         Complainant has intentionally avoided associating itself with words like “hack,” “breach,” and “lawsuit” when communicating with consumers;

·         Respondent’s registration of the domain names was and is to provide a valuable service to consumers in a field of business separate and distinct from Complainant’s.

 

 

C. Additional Submissions

 

In its Additional Submissions Complainant asserts that

·         Respondent ignores those cases that are most analogous to the disputed domain names here, that is, domain names containing a complainant’s trademark plus words such as “hack” or “lawsuit.”;

·         to develop a communication strategy does not negate any of the factual or legal arguments in the Complaint, it also does not provide Respondent with rights or legitimate interests in any of the Disputed Domain Names;

·         Respondent’s actions are not bona fide and, therefore, cannot constitute anything other than bad faith.

 

In its Additional Submissions Respondent asserts that

·         domains do not involve cybersquatting, but rather include proper use of Complainant’s corporate name as a reference to Complainant, together with terms identifying Respondent’s legitimate interest in the domains to intentionally distinguish the domains from Complainant’s trademark;

·         the services of Complainant and Respondent are not related therefore are not competitors;

·         made demonstrable preparations to use the domain names in connection with a bona fide offering of valuable marketing and legal services;

·         Respondents legitimate interest in his domain names arises as a result of demonstrable preparations to use the domains in connection with a bona fide offering of services therefore the registration and use of the domain names was not, and is not, in bad faith.

 

 

FINDINGS

 

Complainant is the owner of numerous trademarks around the world protecting the EQUIFAX and EFX marks.

 

There was a cybersecurity incident at the Complainant which resulted in a data breach.

 

DISCUSSION

Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."

 

Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:

 

(1)  the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and

(2)  Respondent has no rights or legitimate interests in respect of the domain name; and

(3)  the domain name has been registered and is being used in bad faith.

 

Given the similarity between the Uniform Domain Name Dispute Resolution Policy (“UDRP”) and the usTLD Policy, the Panel will draw upon UDRP precedent as applicable in rendering its decision.

 

Identical and/or Confusingly Similar

 

Complainant claims it uses its EQUIFAX and EFX marks to promote its products and services and has established rights in the marks through registration with the USPTO and other offices worldwide. The Panel notes that ownership of a federally registered trademark is strong evidence of a Complainant’s rights in the marks under Policy. See Liberty Global Logistics, LLC v. damilola emmanuel / tovary services limited, FA 1738536 (Forum Aug. 4, 2017) (stating, “Registration of a mark with the USPTO sufficiently establishes the required rights in the mark for purposes of the Policy.”). Accordingly, the Panel finds that Complainant has rights in or to the EQUIFAX and EFX marks under Policy ¶ 4(a)(i).

 

Complainant argues Respondent’s <efxbreach.us>, <efxhack.us>, <efxlawsuit.us>, <efxsuit.us>, <equifaxbreach.us>, <equifaxhack.us>, <equifaxhackedme.us>, <equifaxlawsuit.us>, <equifaxsuit.us>, <equihacks.us> and <equihax.us> are confusingly similar to Complainant’s marks because each appends a descriptive term and the ccTLD “.us” to the entire or an abbreviated version of Complainant’s marks.

 

 

Respondent’s <equihacks.us> and <equihax.us> are confusingly similar because each incorporates a typographical variation of Complainant’s EQUIFAX mark and appends the ccTLD “.us,” creating domain names bearing a distinct phonetic similarity with the EQUIFAX mark. Adding a ccTLD, a generic term, or creating a phonetically similar domain name does not create distinction.

 

The Panel finds that the fact that a domain name wholly incorporates a complainant’s registered marks is sufficient to establish identity or confusing similarity for purposes of the Policy and the addition of generic terms does not provide sufficient distinction, therefore Respondent’s domain names are confusingly similar under Policy ¶ 4(a)(i).

 

With regards to the domain names <equihacks.us> and <equihax.us> the Panel notes that these differences are irrelevant for purposes of confusing similarity under the Policy as see WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition: "a domain name which consists of a common, obvious, or intentional misspelling of a trademark is considered by panels to be confusingly similar to the relevant mark for purposes of the first element." See MIGROS-GENOSSENSCHAFTS-BUND v. Tayfun yalcin, FA 1621184 (Forum July 8, 2015) (“In light of the fact that Respondent’s disputed domain name incorporates Complainant’s whole mark and merely adds the ccTLD “.us,” the Panel here finds that the disputed domain name is identical to Complainant’s MIGROS mark.”); see also YETI Coolers, LLC v. Randall Bearden, FA 16060016880755 (Forum Aug. 10, 2016) (finding that the words “powder coating” in the <yetipowdercoating.com> domain name are “merely explicative and directly refer to some of the services rendered by the Complainant” and, therefore, create an “irrefutable confusing similarity” to complainant’s YETI mark); see also Noodle Time, Inc. v. Bryan Stapp, FA 1723431 (Forum May 4, 2017) (“The residual term, ‘bennyhanna,’ is phonetically identical to the trademark [BENIHANA] and so the Panel finds that the disputed domain name is confusingly similar to the trademark.”).

 

All of the domain names at issue incorporate fully Complainant’s marks and add descriptive terms such as "breach", "hack", "hackedme" "hacks", "hax", "lawsuit" and "suit". There is a debate as to whether the addition to a trademark of disparaging words such as ‘sucks’, or the ones that were added to the disputed domain names has the result that a reasonable internet user would not be confused. This argument was also put forward by Respondent with the argument that the trademark owner would not make such a disparaging remark about itself.

 

By the own admission of Respondent it acquired over 150 domain names, including the disputed domain names, which could be used to provide general information to consumers who might have been impacted by the security breach.

 

This Panel is of the view that Respondent can provide information to consumers without including Complainant's corporate name as a reference and the addition of merely generic words does not detract from or weaken the clear confusing similarity that comes when the entirety of a trademark is included in the disputed domain names. See Ginn Real Estate Company LLC v. Hilton Wiener Claim Number: FA0806001211342 (Forum August 20, 2008) (finding "This view is consistent with the views expressed in the cases cited by the Complainant, namely Reliv Int v. Kelly, FA 96319 (Forum Feb. 5, 2001) and Am. Int’l Group Inc. v. Speyere, FA 481752 (Forum June 18, 2005), expressly finding that the addition of the words ‘lawsuit’ or ‘lawsuits’ to a trademark made the domain name confusingly similar to the trademark.")

 

 

Rights or Legitimate Interests

 

As to the second element, Complainant must first make a prima facie case that Respondent lacks rights and legitimate interests in the disputed domain name under Policy ¶ 4(a)(ii), and then the burden shifts to Respondent to show it does have rights or legitimate interests. See Hanna-Barbera Prods., Inc. v. Entm’t Commentaries, FA 741828 (Forum Aug. 18, 2006) (holding that the complainant must first make a prima facie case that the respondent lacks rights and legitimate interests in the disputed domain name under UDRP ¶ 4(a)(ii) before the burden shifts to the respondent to show that it does have rights or legitimate interests in a domain name); see also AOL LLC v. Gerberg, FA 780200 (Forum Sept. 25, 2006) (“Complainant must first make a prima facie showing that Respondent does not have rights or legitimate interest in the subject domain names, which burden is light.  If Complainant satisfies its burden, then the burden shifts to Respondent to show that it does have rights or legitimate interests in the subject domain names.”).

 

Complainant contends that Respondent has no rights or legitimate interests in the domain names.  Complainant also asserts that Respondent is not commonly known by the disputed domain name nor has Respondent been authorized by Complainant to register any variant of EQUIFAX in a domain name per Policy ¶ 4(c)(iii).  The Panel finds that Respondent has not submitted any evidence which would rebut the assertion that it is not commonly known by the disputed domain name, therefore, this Panel sees no foundation upon which a declaration that Respondent is commonly known by the domain names is proper.  See Reese v. Morgan, FA 917029 (Forum Apr. 5, 2007) (concluding that the respondent was not commonly known by the <lilpunk.com> domain name as there was no evidence in the record showing that the respondent was commonly known by that domain name, including the WHOIS information as well as the complainant’s assertion that it did not authorize or license the respondent’s use of its mark in a domain name).

 

The Panel finds that there is nothing in the available evidence which indicates that Respondent has rights in a mark identical to the disputed domain name, which would serve to satisfy Policy ¶ 4(c)(i). See Pepsico, Inc. v. Becky, FA 117014 (Forum Sept. 3, 2002) (holding that because the respondent did not own any trademarks or service marks reflecting the <pepsicola.us> domain name, it had no rights or legitimate interests pursuant to Policy ¶ 4(c)(i)).

 

Respondent asserts that it has made demonstrable preparations to use the domain names in connection with a bona fide offering of goods or services under Policy ¶ 4(c)(ii).

 

This Panel is on the opinion that Respondent's service, providing information to consumers who might have been impacted by the security breach and to solicit business to the partner of the Respondent can be achieved without including Complainant’s marks in the domain names, and certainly without the registration of 11 such domain names. In the view of this Panel, in cases where the disputed domain names contain the entire mark, the use of, or demonstrable preparations to use, the domain name in connection with a bona fide offering of goods or services cannot be established based on a descriptive term which is supposed to describe the content of the website and distinguish the domains from Complainant’s marks. It has to be noted that in the present case distinction from Complainant's marks cannot be achieved since the services that will be offered - based on the description provided by the added generic term and taking into account the contentions of Respondent - will be linked with Complainant.

 

If the only way to offer services such as Respondent is planning to offer could be by incorporating Complainant's marks in the domain names, then Respondent's arguments that it has made demonstrable preparations to use the domain names in connection with a bona fide offering of goods or services under Policy ¶ 4(c)(ii) could be accepted, but this Panel finds that this is not the case in the present dispute.

 

There are alternative ways to inform consumers about the security breach and the services of the law office of which Respondent is a partner. This is also supported by the contention of Respondent namely that it registered 150 domain names, therefore it is safe to assume that Respondent was able to find alternative domain names that did not include Complainant's marks in them, but are also fit for the same purpose. It has to be noted that the use of other domain names is just one solution that can be utilized by Respondent to inform users about the security breach and the services offered.

 

Accordingly, the Panel finds that to solicit and attract business by incorporating the entire marks of Complainant does not constitute a bona fide offering of goods or services under Policy ¶ 4(c)(ii). See inter alia Am. Int’l Group, Inc. v. Speyer, FA 422815 (Forum Apr. 7, 2005) (finding that “Respondent’s use of a domain name similar to another’s mark in order to solicit and attract business does not constitute a bona fide offering of goods or services pursuant to Policy 4(c)(i) or a legitimate noncommercial or fair use pursuant to Policy 4(c)(iii)”).

 

 

Registration or Use in Bad Faith

 

Complainant argues Respondent’s registration of several infringing domain names imputes Policy ¶ 4(b)(ii). The Panel agrees with Complainant and finds that the fact that Respondent registered 11 domain names which incorporate the trademarks of Complainant  constitutes bad faith under Policy ¶ 4(b)(ii).See Radisson Hotels Internation, Inc. v. Yue Mei Wang / Wang Yue Mei aka Pei Jun Gan / Gan Pei Jun / Jun Yu He / He Jun Yu / Denliyan, FA1504001615349 (Forum June 1, 2015) (“The Panel agrees that Respondents registration of the <radissonbluplazachongqing.com>, <radissonbluchongqingshapingba.com>,<radissonplazahoteltianjin.com>, and <radissonbluhotelshanghai.com> domain names, which all infringe on Complainant’s mark, constitutes bad faith under Policy ¶ 4(b)(ii).”).

 

DECISION

Having established all three elements required under the usTLD Policy, the Panel concludes that relief shall be GRANTED.

 

Accordingly, it is Ordered that the <efxbreach.us>, <efxhack.us>, <efxlawsuit.us>, <efxsuit.us>, <equifaxbreach.us>, <equifaxhack.us>, <equifaxhackedme.us>, <equifaxlawsuit.us>, <equifaxsuit.us>, <equihacks.us>, <equihax.us> domain names be TRANSFERRED from Respondent to Complainant.

 

 

Katalin Szamosi Panelist

Dated:  November 7, 2017

 

 

 

 

Click Here to return to the main Domain Decisions Page.

Click Here to return to our Home Page