State financial regulatory agencies entered into a Consent Order on June 25, 2018, with Equifax Inc., requiring the company to take specific action to protect confidential consumer information in the wake of an extensive security breach last year.

Equifax, one of the country’s three major credit reporting agencies, disclosed on September 7, 2017, that a vulnerability in one of its websites was exploited by criminal hackers in May 2017 to gain access to the personal information of an estimated 146 million U.S. consumers. Data accessed through this cybercrime event included individual customer names, Social Security numbers, birth dates, addresses, and related personally identifiable information.

In response to this breach, an examination team composed of state financial regulators from Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina, and Texas commenced a multi-state examination of the company in November 2017 to evaluate the company’s information security and cybersecurity controls.

The conditions Equifax agreed to in the Consent Order require the company’s board of directors to remediate the deficiencies and unsafe practices that contributed to the breach.

The order subjects Equifax to periodic reporting to the multi-state regulatory agencies regarding remediation efforts. Subsequent on-site regulatory reviews are planned to validate actions reported by the company.

The Consent Order can be viewed from Related Files below.

Related Files