States Require Equifax To Implement Stronger Anti-Breach Measures

On June 27, the California Department of Business Oversight (DBO) announced an agreement with Equifax, Inc. that requires the credit reporting agency to correct numerous information security deficiencies that led to the 2017 data breach, which affected 147 million U.S. consumers, including 15.5 million Californians.

“Equifax’s failure to properly secure confidential personal data caused widespread harm to California consumers,” said DBO Commissioner Jan Lynn Owen in a recent news release. “The breach never should have happened. This order will help ensure it doesn’t happen again.”

Regulators from seven other states signed the consent order along with California: Texas, New York, North Carolina, Massachusetts, Georgia, Alabama and Maine.

In a joint regulatory examination led by Texas, the eight states found deficiencies in several facets of how Equifax operated and managed its information technology systems before the breach.

The consent order requires Equifax to take corrective actions to shore up weaknesses across a wide spectrum of its information technology and data security operations. Areas covered by the order include information security, audit functions, board and management oversight, vendor management, patch management and information technology operations.

Specifically, the company must strengthen oversight of its information security program and critical vendors to ensure sufficient controls are developed to safeguard information. In addition, the company must improve standards and controls for supporting the patch management function.

The board also must bolster oversight of the audit function and approve a written risk assessment identifying foreseeable threats to the confidentiality of personally identifiable information.

Additionally, the consent order imposes deadlines by which Equifax must take corrective actions, and it requires the firm to provide the regulators with progress reports.
