Security & Fraud

Equifax Agrees To Regulators’ Demand For Stronger Security Practices

Equifax has made a deal to tighten up its security after a massive data breach that compromised the sensitive data of more than 145 million people.

Last year, the company revealed that hackers had exploited a U.S. website application vulnerability to gain access to certain files. The unauthorized access occurred from mid-May through July 2017, with the information impacted including names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

In order to avoid fines, Equifax made a deal with eight states’ banking regulators to perform a detailed assessment of cyberthreats, boost board oversight of cybersecurity and improve processes to fix known security vulnerabilities, according to Reuters. The consent decree was approved by regulators in Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas. Equifax said it had already completed “a good number” of the actions required through the deal.

“The findings, with a very few exceptions, are not new findings and are already part of our remediation plans,” the statement said. “We expect to meet or exceed all the commitments made under the Consent Order.”

Maria T. Vullo, head of the New York Department of Financial Services, said that state regulators had to act because federal agencies have, so far, failed to sanction Equifax for the breach.

“In an era of weakened federal government oversight, strong state regulation is essential,” she said.

Jamie Court, president of the Foundation for Taxpayer and Consumer Rights, agreed that the lack of a financial penalty set a bad precedent.

“Companies don’t change their practices unless they suffer financial consequences,” said Court. “The fact that Equifax is not required to pay any fines is sending the wrong message.”

Earlier this year, it was revealed that Equifax had spent $68.7 million in the first quarter on costs related to the breach. The company has, so far, spent $242.7 million on breach costs  and more is likely to come, with Equifax predicting in March another $275 million in related expenses.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.