NEW YORK (AP) — State and federal authorities are proposing tougher regulations against Equifax and the entire credit monitoring industry after the company announced that personal information like Social Security numbers of about 143 million Americans was exposed.
This is on top of the lawsuits already filed against Equifax by state attorneys general, and a multitude of lawsuits filed that are seeking class-action status.
Here’s the latest on the breach:
New York clamps down
New York Gov. Andrew Cuomo is proposing new state regulations for credit reporting agencies. The Democratic governor announced Monday that he’s directed the state Department of Financial Services to issue new rules requiring credit reporting agencies to register in New York for the first time and to comply with the state’s cybersecurity standards.
The proposal would require Equifax and similar firms to adhere to the same consumer protection rules the state imposes on banks and insurance companies.
Credit bureaus like Equifax are lightly regulated compared to other parts of the financial system.
Democrats want more regulations
Senators from Massachusetts, Connecticut and Rhode Island are pushing new bills as well. Massachusetts Sen. Elizabeth Warren introduced legislation aimed at giving control over credit and personal information to consumers and preventing credit reporting agencies from profiting off of consumers’ information during a freeze.
Massachusetts Sen. Edward Markey joined with Connecticut Sen. Richard Blumenthal and Rhode Island Sen. Sheldon Whitehouse to introduce a bill giving consumers the right to stop data brokers from selling personal information for marketing purposes.
Warren also sent letters to credit reporting agencies Equifax, TransUnion and Experian and requested the Federal Trade Commission and Consumer Financial Protection Bureau launch an investigation into consumer data security.
What is Equifax doing?
Along with bulking up its call centers and waiving fees for credit freezes, Equifax announced late Friday that its chief information officer and chief security officer would be leaving the company immediately.
The credit data company — under intense pressure since it disclosed last week that hackers accessed the Social Security numbers, birthdates and other information — also released a detailed, if still muddled, timeline of how it discovered and handled the breach.
Equifax said that Susan Mauldin, who had been the top security officer, and David Webb, the chief technology officer, are retiring.
Mauldin is being replaced by Russ Ayers, an information technology executive inside Equifax. Webb is being replaced by Mark Rohrwasser, who most recently was in charge of Equifax’s international technology operations.
Company executives are also under scrutiny. Equifax’s CEO has been called to testify before Congress on Oct. 3.
And three Equifax executives sold shares worth a combined $1.8 million just a few days after the company discovered the breach. Equifax said the three executives “had no knowledge that an intrusion had occurred at the time.”
Equifax’s stock has fallen more than a third since the scandal broke.
What should I do?
Consumers should be vigilant and diligent. That means:
- Closely monitoring their credit reports, which are available free once a year, and stagger them to see one every four months.
- Keeping watch, possibly for a long time. Scammers who get ahold of the data could use it at any time — and with 143 million to choose from, they may be patient.
- Considering freezing your credit reports. That stops thieves from opening new credit cards or loans in your name, but it also prevents you from opening new accounts. So if you want to apply for something, you need to lift the freeze a few days beforehand.