A new proposed regulation would go into effect in February, requiring all agencies – including TransUnion and Experian – to report their officers or directors who are responsible for compliance with laws and regulations involving financial services, banking and insurance each year. If the companies fail to register, they could be barred from doing business with financial companies regulated by New York State.
The state’s cybersecurity regulation took effect on March 1, requiring financial firms to take measures to protect networks and customer data from hackers and to disclose cyberattacks to state regulators. The directive is the first of its kind in the country.
Maine is currently the only state that requires credit agencies to register, but its law does not cover cyber security.
New York isn’t the only state to respond to the Equifax breach, which compromised the personal data of about 143 million consumers. The U.S Attorney’s office in Atlanta issued a statement saying it was working with the FBI on a criminal investigation into the breach and theft of personal information.
In addition, Massachusetts Attorney General Maura Healey filed a lawsuit against the company, accusing it of not doing enough to protect consumers against the massive breach, impacting three million in the state.
“Equifax knew about the vulnerabilities in its system for months, but utterly failed to keep the personal information of nearly three million Massachusetts residents safe from hackers,” said Healey said in a statement. “Equifax needs to pay for its mistakes, make our residents whole and fix the problem so it never happens again.”
There are also reports that a federal criminal investigation has been opened into Equifax executives’ stock sales before disclosure of the data breach. Equifax has said the executives were unaware of the hack when they sold the stock.