Equifax has signed a consent order with the Department of Financial Services (DFS) and seven other state banking regulators, agreeing to take corrective actions following the company's massive 2017 data breach. Included in the corrective actions is developing a proper risk assessment and improving the Board's oversight of information security information. Equifax will also be required to submit plans for remedial actions and provide written reports outlining progress. DFS led the multi-state examination team on matters relating to cybersecurity and internal audit functions.
This consent decree follows issuance of a final regulation (23 NYCRR 201) earlier this week that will place new restrictions and responsibilities on credit reporting agencies in New York. Credit agencies with significant operations in New York will be required to register annually with the DFS and comply with New York's cybersecurity standards.
Read the DFS press release on the Equifax consent decree.
Kathy Weinheimer, CPCU, AAI
Senior VP Industry Relations