Post-Equifax, States Crack Down On Cybersecurity

October 18, 2017

The Equifax breach has prompted a number of states to launch investigations of the company and has triggered enforcement actions in at least one state, Massachusetts. The complaint, filed by Attorney General Maura Healey, alleges that Equifax violated state law by failing to safeguard customer data or provide timely notice of the breach and that it engaged in unfair and deceptive trade practices by failing to abide by its own promised cybersecurity standards. Massachusetts focuses on the failure of Equifax to use a patch for an Adobe program that was known to be vulnerable and is thought to have contributed to the epic hack. That patch is said to have been out and available two months before the hack occurred. In New York, a data security act proposed by AG Eric T. Schneiderman would tighten data security standards, broaden the definition of personal information and provide an incentive for timely reporting of breaches to enforcement agencies by establishing that, if done for the purpose of a breach investigation, it would not waive privilege.

Read full article at:

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top