Security & Fraud

Equifax Agrees To Regulators’ Demand For Stronger Security Practices

Equifax has made a deal to tighten up its security after a massive data breach that compromised the sensitive data of more than 145 million people.

Last year, the company revealed that hackers had exploited a U.S. website application vulnerability to gain access to certain files. The unauthorized access occurred from mid-May through July 2017, with the information impacted including names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

In order to avoid fines, Equifax made a deal with eight states’ banking regulators to perform a detailed assessment of cyberthreats, boost board oversight of cybersecurity and improve processes to fix known security vulnerabilities, according to Reuters. The consent decree was approved by regulators in Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas. Equifax said it had already completed “a good number” of the actions required through the deal.

“The findings, with a very few exceptions, are not new findings and are already part of our remediation plans,” the statement said. “We expect to meet or exceed all the commitments made under the Consent Order.”

Maria T. Vullo, head of the New York Department of Financial Services, said that state regulators had to act because federal agencies have, so far, failed to sanction Equifax for the breach.

“In an era of weakened federal government oversight, strong state regulation is essential,” she said.

Jamie Court, president of the Foundation for Taxpayer and Consumer Rights, agreed that the lack of a financial penalty set a bad precedent.

“Companies don’t change their practices unless they suffer financial consequences,” said Court. “The fact that Equifax is not required to pay any fines is sending the wrong message.”

Earlier this year, it was revealed that Equifax had spent $68.7 million in the first quarter on costs related to the breach. The company has, so far, spent $242.7 million on breach costs  and more is likely to come, with Equifax predicting in March another $275 million in related expenses.


Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The September 2019 AML/KYC Tracker Report provides an in-depth examination of current efforts to stop money laundering, fight fraud and improve customer identity authentication in the financial services space.


To Top