Massachusetts has filed a lawsuit against a credit-reporting firm for allegedly failing to protect the sensitive and personal information of nearly three million of its residents.
This marks the first enforcement against the firm, following a breach from May to July this year that exposed the personal data of some 143 million people. According to the lawsuit, the company knew about the breach around 29 July yet did not notify the Massachusetts until 7 September.
“We allege that Equifax knew about the vulnerabilities in its system for months, but utterly failed to keep the personal information of nearly three million Massachusetts residents safe from hackers,” said state Attorney General Maura Healey. “We are suing because Equifax needs to pay for its mistakes, make our residents whole, and fix the problem so it never happens again.”
Citing Equifax, the Federal Trade Commission said hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.
The lawsuit seeks civil penalties, disgorgement of profits, restitution, costs, and attorneys’ fees. The Healey’s Office also seeks injunctive relief to prevent harm to Massachusetts residents resulting from the company’s actions and inaction.
Related stories:
Corrs launches rapid-response cybersecurity team
4 in 10 law firms don’t know they’ve been hacked