Home Governance New York governor wants credit-reporting firms to comply with cybersecurity regulations

New York governor wants credit-reporting firms to comply with cybersecurity regulations

Andrew Cuomo

New York Governor Andrew Cuomo recently said that all credit-reporting firms should comply with the state’s cybersecurity regulations. The statement came in the wake of the massive Equifax hack that potentially compromised sensitive information for 143 million American consumers.

The Democrat said in a statement that he has directed the state Department of Financial Services to issue new regulations requiring credit reporting agencies to register in New York for the first time and to comply with the state’s cybersecurity standards. He said consumer credit reporting agencies operating in New York will be required to register annually with Department of Financial Services by Feb. 1, 2018, and by Feb. 1 of each year afterward. The DFS would have the authority to bar credit-reporting agencies from doing business in New York if the state found they failed to comply, the governor said.

“The Equifax breach was a wake-up call,” Cuomo said. “And with this action, New York is raising the bar for consumer protections that we hope will be replicated across the nation.”

After the close of trading on September 7, 2017, Equifax disclosed that its databases had been breached between May and June 2017, that hackers had gained access to Company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers, credit card numbers and driver’s license numbers.  Equifax discovered the breach on July 29, 2017, but had waited until after the close of trading nearly six weeks later to disclose the breach to consumers and Equifax’s investors.

The breach opened a floodgate of lawsuits against Equifax. Murphy, Falcon & Murphy filed a national class action lawsuit on behalf of over 143 million consumers whose personal information, social security numbers, birth dates, names, addresses, driver’s license information and credit loan balances, were stolen. Scott Cole, class action veteran and founder of Oakland-based Scott Cole & Associates, also announced the filing of a class action lawsuit against Equifax for “negligence, violations of fair credit reporting and deceptive business practices.” The breach also led to the ouster of the company’s Chief Information Officer and Chief Security Officer.