- Division of Banks
- Office of Consumer Affairs and Business Regulation
Media Contact for Massachusetts Division of Banks joins multi-state Consent Order Against Equifax Inc.
Jacqueline Horigan, Public Outreach
Boston, MA — The Baker-Polito Administration’s Division of Banks (Division) and state financial regulators from seven states have announced they entered into a Consent Order this week with Equifax Inc. requiring the company to take specific action to protect confidential consumer information in the wake of an extensive security breach last year.
Equifax, one of the country’s three major credit reporting agencies, disclosed on September 7, 2017, that criminal hackers exploited a U.S. website application vulnerability in May 2017 to gain access to the personal information of an estimated 146 million U.S. consumers. Data accessed through this cybercrime event included individual customer names, Social Security numbers, birth dates, addresses, and related personally identifiable information.
In response to this breach, an examination team composed of state financial regulators from Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina, and Texas commenced a multi-state examination of the company in November 2017 to evaluate the company’s information security and cybersecurity controls.
“It was important for the Division to take prompt action on behalf of the nearly 3 million Massachusetts residents affected by the breach,” said Commissioner of Banks Terence McGinnis. “Working with my counterparts from other states, we joined a team led by Texas Commissioner Charles G. Cooper to help ensure that personally identifiable information (PII) of consumers across the country is appropriately safeguarded.”
“As one of the two entities that must be notified of a data breach, this Consent Order is welcome news. Consumers were angry and concerned following the disclosure of the Equifax breach and they deserve to have stronger safeguards in place to ensure the protection of their personal information,” said John Chapman, Undersecretary for the Office of Consumer Affairs and Business Regulation.
The conditions Equifax agreed to in the Consent Order require the company’s board to remediate the deficiencies and unsafe practices that contributed to the breach. The order subjects Equifax to periodic reporting to the multi-state regulatory agencies regarding remediation efforts. Subsequent on-site regulatory reviews are planned to validate actions reported by the company.
The Consent Order can be viewed here.
The Baker-Polito Administration’s Office of Consumer Affairs and Business Regulation, along with its five agencies, works to achieve two goals: to protect and empower consumers through advocacy and education, and to ensure a fair playing field for all Massachusetts businesses. The Office also oversees the state’s Lemon Laws, data breach reporting, Home Improvement Contractor Program, and the state’s Do Not Call Registry. Follow the office at its blog, on Facebook, and on Twitter @Mass Consumer.
The Division of Banks is an agency within the Office of Consumer Affairs and Business Regulation, which oversees state-chartered banks and credit unions, check sellers, debt collectors, foreign transmittal agencies, mortgage lenders, and brokers. For more information visit the Division’s website at www.mass.gov/dob or contact the Division of Banks’ Consumer Hotline at 1-800-495-BANK (2265).