Regulators in eight states signed a consent order with a large, national credit reporting agency requiring it to improve its data security and information technology systems in order to prevent potential harm caused by an event akin to its 2017 data breach, wherein hackers stole the personal information of over 147 million people. The multi-state consent order became effective on June 25, 2018.
Although the credit reporting agency says it has taken steps to remedy its data security issues, regulators in the participating states—Texas, California, New York, Massachusetts, North Carolina, Georgia, Alabama and Maine—required it to take further measures to address deficiencies in its current assessment and auditing programs.
The consent order requires that the credit reporting agency:
The consent order may be found here.