New York Attorney General Eric Schneiderman is already investigating the massive data breach at Equifax that exposed the personal information of 143 million U.S. consumers.
Now, New York’s top cop wants to make sure that a similar incident doesn’t take place at the other two of the big three credit reporting agencies – Experian and Transunion.
Schneiderman’s office sent letters to the CEOs of Experian and Transunion this week, pressing both companies about their cybersecurity measures.
“The unprecedented data breach experienced by Equifax Inc. that affected 143 million Americans – including more than 8 million New Yorkers – has raised serious concerns about the security of private consumer information held by the largest consumer credit reporting agencies,” Schneiderman’s office states in the letter. “The breach is also imposing costs on consumers who wish to protect themselves and their access to credit from criminals who would misuse the breached data.”
The letters ask each company to detail the security measures that each company had in place before it learned of the Equifax breach; steps each company has taken since learning of the breach to ensure that they won’t fall victim to a similar cyber attack, and how each company will assist consumers in protecting their personal information.
Specifically, the letters lay out five questions that Schneiderman’s office wants answers to:
What security measures did TransUnion (Experian) have in place to ensure the safety of private consumer information before it learned of the Equifax breach, including but not limited to administrative safeguards, technical safeguards, and physical safeguards, as well any best practices or certifications of compliance with any data security regulations or leading standards?
What steps has TransUnion (Experian) taken since learning of the Equifax breach to ensure that TransUnion (Experian) has not already suffered any similar intrusions?
What steps has TransUnion (Experian) taken since learning of the Equifax breach to ensure that it does not experience breaches going forward? Please address steps to prevent both malicious hacking as well as breaches caused by employee negligence.
What steps has TransUnion (Experian) taken since learning of the Equifax breach to help consumers implement additional protections for their private data in TransUnion’s (Experian’s) possession?
Will TransUnion (Experian) consider waiving any fees it currently charges for New York consumers who wish to implement and manage a credit freeze for their files through TransUnion (Experian)?
Schneiderman’s office requests answers to the questions by Sept. 21, 2017.
“The Equifax breach has left millions of New Yorkers vulnerable to identity theft and major financial issues,” Schneiderman said in a statement.
“Credit reporting agencies have a fundamental responsibility to protect the personal information they’re entrusted with,” Schneiderman added. “As we continue our investigation into the Equifax breach, it’s vital to ensure that consumer data at the other major credit reporting agencies is safe.”