Security & Fraud

Cuomo Says Credit Reporting Firms Should Comply With NY’s Cybersecurity Rules

New York Governor Andrew Cuomo announced that he wants credit reporting firms to comply with the state’s new cyber-security regulations in the wake of the massive Equifax hack, according to Reuters.

A new proposed regulation would go into effect in February, requiring all agencies – including TransUnion and Experian – to report their officers or directors who are responsible for compliance with laws and regulations involving financial services, banking and insurance each year. If the companies fail to register, they could be barred from doing business with financial companies regulated by New York State.

The state’s cybersecurity regulation took effect on March 1, requiring financial firms to take measures to protect networks and customer data from hackers and to disclose cyberattacks to state regulators. The directive is the first of its kind in the country.

Maine is currently the only state that requires credit agencies to register, but its law does not cover cyber security.

New York isn’t the only state to respond to the Equifax breach, which compromised the personal data of about 143 million consumers. The U.S Attorney’s office in Atlanta issued a statement saying it was working with the FBI on a criminal investigation into the breach and theft of personal information.

In addition, Massachusetts Attorney General Maura Healey filed a lawsuit against the company, accusing it of not doing enough to protect consumers against the massive breach, impacting three million in the state.

“Equifax knew about the vulnerabilities in its system for months, but utterly failed to keep the personal information of nearly three million Massachusetts residents safe from hackers,” said Healey said in a statement. “Equifax needs to pay for its mistakes, make our residents whole and fix the problem so it never happens again.”

There are also reports that a federal criminal investigation has been opened into Equifax executives’ stock sales before disclosure of the data breach. Equifax has said the executives were unaware of the hack when they sold the stock.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.