New York proposes stricter regs following Equifax hack

Gov. Andrew Cuomo wants heftier security requirements for credit reporting agencies to better protect consumer data.

Marguerite Reardon Former senior reporter
Marguerite Reardon started as a CNET News reporter in 2004, covering cellphone services, broadband, citywide Wi-Fi, the Net neutrality debate and the consolidation of the phone companies.
Marguerite Reardon
2 min read

In September, a data breach at Equifax exposed the personal information of millions of consumers. 

Getty Images

In the wake of the massive security breach at Equifax, New York Gov. Andrew Cuomo wants credit reporting agencies to follow the same rules as banks and insurance companies to help protect consumers.

The regulations would require companies like Equifax, Experian and Transunion to register with the state's Department of Financial Services and to be subject to the same cybersecurity regulations that banks and insurance companies must follow. The registration requirement would give the state authority to deny or revoke the authorization of these companies to do business in the state or to sue if the company fails to comply with or engages in practices deemed unfair, deceptive or predatory.

New York's cybersecurity regulations, which went into effect in March, require companies take measures to protect consumer data and to report attempted and/or successful hacks to state regulators.

The proposed regulation in New York comes after Equifax announced last week that hackers had stolen more than 200,000 credit card numbers and had gained access to sensitive personal information for 143 million consumers. The incident has gotten the attention of both state and federal regulators who are looking more closely at credit reporting agencies that regularly store consumer information like names, addresses and Social Security numbers.

Watch this: Equifax breach: Were you one of the 143 million affected?

Even though these companies warehouse so much sensitive information, they aren't subject to the same kind of monitoring and auditing from the government that banks and insurance companies are subject to. This regulation will change that in the state of New York.

"The Equifax breach was a wake-up call," Cuomo said in a statement, "and with this action, New York is raising the bar for consumer protections that we hope will be replicated across the nation."

Widespread outrage followed news of the hack, with consumer advocates criticizing Equifax for exposing the consumer data and for providing clumsy customer service after its announcement of the attack.

Equifax is also facing legal action. New York Attorney General Eric T. Schneiderman is investigating the breach, and at least two class-action lawsuits are pending against the company. Federal lawmakers are also introducing legislation in the wake of the breach. Last week Massachusetts Sen. Elizabeth Warren, a Democrat, introduced two bills to help take the sting out of hacks like the one at Equifax, by limiting the use of credit checks by employers for screening potential hires. 

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.

Batteries Not Included: The CNET team reminds us why tech is cool.