Equifax Gets Slapped With Subpeona From New York Regulator

Equifax is facing yet another legal woe from its massive data breach. This time, New York State’s financial services regulator has issued a subpoena to the company, demanding that it provide more information about the leak.

According to a Reuters news report, the New York’s Department of Financial Services (DFS) sent the subpoena to Equifax on Sept. 14, citing a source who declined to be named.

The subpoena is requesting documents related to the data breach that compromised the personal data of up to 143 million Americans, details on when Equifax learned of the leak and what actions it took after it was found, as well as additional information.

A spokesman for DFS declined to comment, while an Equifax spokesman was not immediately available.

New York has had a strong response to the Equifax hack. Governor Andrew Cuomo recently proposed regulation that would take effect in February, requiring all agencies – including TransUnion and Experian – to report their officers or directors who are responsible for compliance with laws and regulations involving financial services, banking and insurance each year. If the companies fail to register, they risk being barred from doing business with financial companies regulated by New York State.

The state would also be able to bar a credit reporting agency from doing business if it is found to engage in “unfair, deceptive or predatory practices.”

In addition, New York has a new cybersecurity regulation, the first of its kind in the country, which requires financial firms to take measures to protect networks and customer data from hackers and to disclose cyber events to state regulators. It took effect on March 1.

If Equifax had already been subject to the regulation, it would have had to report the breach within 72 hours of its discovery instead of the 41 days it took the company to make the leak known.

In addition to its issues in New York, Equifax is being investigated by multiple federal and state agencies, including the U.S. Department of Justice. The company is being sued by the state of Massachusetts, as well as the city of San Francisco, for not doing enough to protect consumers from the cyber breach.

And just this past week, the company announced its that Richard Smith, its chief executive, would retire and forgo his 2017 bonus. Smith is still expected to testify about the hack at congressional hearings next week.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.