Security & Fraud

Equifax Agrees To Regulators’ Demand For Stronger Security Practices

Equifax has made a deal to tighten up its security after a massive data breach that compromised the sensitive data of more than 145 million people.

Last year, the company revealed that hackers had exploited a U.S. website application vulnerability to gain access to certain files. The unauthorized access occurred from mid-May through July 2017, with the information impacted including names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

In order to avoid fines, Equifax made a deal with eight states’ banking regulators to perform a detailed assessment of cyberthreats, boost board oversight of cybersecurity and improve processes to fix known security vulnerabilities, according to Reuters. The consent decree was approved by regulators in Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas. Equifax said it had already completed “a good number” of the actions required through the deal.

“The findings, with a very few exceptions, are not new findings and are already part of our remediation plans,” the statement said. “We expect to meet or exceed all the commitments made under the Consent Order.”

Maria T. Vullo, head of the New York Department of Financial Services, said that state regulators had to act because federal agencies have, so far, failed to sanction Equifax for the breach.

“In an era of weakened federal government oversight, strong state regulation is essential,” she said.

Jamie Court, president of the Foundation for Taxpayer and Consumer Rights, agreed that the lack of a financial penalty set a bad precedent.

“Companies don’t change their practices unless they suffer financial consequences,” said Court. “The fact that Equifax is not required to pay any fines is sending the wrong message.”

Earlier this year, it was revealed that Equifax had spent $68.7 million in the first quarter on costs related to the breach. The company has, so far, spent $242.7 million on breach costs  and more is likely to come, with Equifax predicting in March another $275 million in related expenses.


Featured PYMNTS Study: 

With eyes on lowering costs to improving cash flow, 85 percent of U.S. firms plan to make real-time payments integral to their operations within three years. However, some firms still feel technical barriers stand in the way. In the January 2020 Making Real-Time Payments A Reality Study, PYMNTS surveyed more than 500 financial executives to examine what it will take to channel RTP interest into real-world adoption. Here’s what we learned.