Equifax Must Turn Over NY Breach Data This Week

Patterson Belknap Webb & Tyler LLP
Contact

New York State regulators won’t be letting Equifax, Inc. off-the-hook any time soon for last year’s massive data breach that affected more than 145 million Americans.

In the state’s most recent move, Equifax is required to provide New York Secretary of State Rossana Rosado with breach-related information in 11 separate categories later this week including:

  • Equifax’s plan for making the 8.4 million New Yorkers affected by the breach “whole,” if such a plan exists;
  • A copy of the “comprehensive forensic review” prepared by the company’s outside forensic firm;
  • Listing of the “New York specific data” that was compromised in the hack; and
  • The number of children under the age of 16 affected by the breach “both nationally and within New York.”

Rosado’s request came in a December 27th letter to Equifax Interim CEO Paulino do Rego Barros Jr. 

“This information will assist the Department of State’s Division of Consumer Protection in its ongoing efforts to investigate … the security breach of Equifax’s data,” Rosado wrote, “which exposed the personal information of millions of New Yorkers to criminal enterprise.”

The information was demanded under regulations – adopted and implemented on an emergency basis on December 12th by the New York Department of State – that require credit reporting agencies to respond within 10 days to requests made by the Department of State’s Division of Consumer Protection on behalf of consumers.

The Secretary of State’s investigation is just one of multiple probes ongoing within the state. As we’ve reported, New York Attorney General Eric Schneiderman started an investigation last year as did the New York State Department of Financial Services. DFS issued a subpoena on September 14th seeking documents related to the hack including information concerning when Equifax first learned of it.

On September 18th, as we’ve reported, New York Governor Andrew Cuomo proposed emergency regulations that would bring credit reporting agencies under the state’s cybersecurity regulation which already covers banks, insurance companies and other financial players that operate in the state.

A bill was also introduced late last year by the New York Attorney General to ratchet up much broader efforts to protect consumer information. The bill – called “Stop Hacks and Improve Data Security Act” or “SHIELD” – would require companies to implement “reasonable” data security safeguards to protect consumer information.  We’ve blogged about the SHIELD proposal here, and published a two-part series taking an in-depth look at the proposal here and here.

Stay tuned for further developments.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Patterson Belknap Webb & Tyler LLP | Attorney Advertising

Written by:

Patterson Belknap Webb & Tyler LLP
Contact
more
less

Patterson Belknap Webb & Tyler LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.