State Regulators Enter into Consent Order with Equifax
Today, eight state financial regulators entered into a consent order with Equifax, Inc. The order addresses serious deficiencies in the company’s cybersecurity program that resulted in the breach of personal data of almost 150 million consumers last year.
- Financial regulators from eight states led the action. The states represented are: Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas.
- The consent order arose from a joint examination these regulators performed of the company.
- In the consent order, Equifax agreed to dramatically improve how it protects personally identifiable information. The company will undertake a restructuring of its risk management processes, strengthening of internal controls and processes, and enhanced oversight by the Board of Directors on the information security program.
- The corrective actions will apply to Equifax’s operations nationwide.
- Compliance with the consent order will be subject to regulator approval. Follow-up reports are required from the company.
- The consent order preserves the right of individual states to bring additional actions.