Equifax has decided it will no longer try and impose arbitration on any of the millions of Americans who try to find out if they've been stung in its massive data leak.

Following its 143-million-record megaleak, the company created a website meant to let worried people sign up for a credit file monitoring product – if they agreed to arbitration and waived their right to sue.

That, and the fact that equifaxsecurity2017.com was a Wordpress site, and therefore hardly a paragon of security, raised eyebrows and criticism from World+Dog.

Now, Equifax has relented – at least in the matter of forced arbitration. In a “Progress Update for Consumers” posted at the same site, the company says:

We “confirm that enrolling in the free credit file monitoring and identity theft protection that we are offering as part of this cybersecurity incident does not waive any rights to take legal action. We removed that language from the Terms of Use on the website, www.equifaxsecurity2017.com. The Terms of Use on www.equifax.com do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident.”

Other changes made since the site first landed include:

The site now generates random PINs for users signing up for the premium product (originally it was criticised for deriving PINs from users' information, making them predictable);

The call centre handling inquiries has been expanded;

Equifax assures customers they won't be automatically enrolled in the premium monitoring product, and is not “requesting consumers' credit card information when they sign up”; and

The link to https://www.equifaxsecurity2017.com/ has been made more obvious at the company's main site.

All of which should quieten one source of anger about Equifax. But it has dozens more to deal with and court dates a-plenty in its future. ®