Massachusetts Attorney General Maura Healey has filed a lawsuit against Equifax, accusing the company of not doing enough to protect consumers against the massive breach that exposed the personal data of as many as 143 million people, including three million in Healey’s state.
“Equifax knew about the vulnerabilities in its system for months, but utterly failed to keep the personal information of nearly three million Massachusetts residents safe from hackers,” said Healey said in a statement. “Equifax needs to pay for its mistakes, make our residents whole and fix the problem so it never happens again.”
CNBC reported that the lawsuit seeks civil penalties, disgorgement of profits, restitution, costs and attorneys’ fees.
This news comes the day after New York Governor Andrew Cuomo announced plans to require all credit reporting agencies to register with the state. The proposed regulation, which would take effect in February, would require all agencies to report their officer or directors who are responsible for compliance with laws and regulations involving financial services, banking and insurance each year. If the companies fail to register, they risk being barred from doing business with financial companies regulated by New York State.
In addition, New York State cybersecurity regulation, the first of its kind in the country, took effect on March 1, requiring financial firms to take measures to protect networks and customer data from hackers and to disclose cyber events to state regulators.
“The Equifax breach was a wakeup call,” Cuomo said in the statement, “and with this action, New York is raising the bar for consumer protections that we hope will be replicated across the nation.”
William J. Mellin, president/CEO of the New York Credit Union Association, believes more needs to be done to protect consumers against these types of data breaches.
“The Equifax data breach and their bungled response yet again underscore the need for a robust cybersecurity framework at the federal level,” said Mellin. “The bottom line is, what we’re doing now from a cybersecurity standpoint is just not working. While New York State should be applauded for imposing common-sense requirements on credit report agencies, we ultimately need uniform standards imposed on all businesses that maintain confidential information, and legal ramifications for those entities that don’t live up to their end of the bargain.”
Equifax revealed on Tuesday that the breach has also affected about 100,000 Canadians, with names, addresses, Social Insurance Numbers and, in limited cases, credit card numbers being collected.
The company’s share price has fallen by about one-third since it disclosed the data breach, dipping 0.1 percent to $94.25 on Tuesday.