Inventory
info icon
Single family homes on the market. Updated weekly.Powered by Altos Research
722,032+456
30-yr Fixed Rate30-yr Fixed
info icon
30-Yr. Fixed Conforming. Updated hourly during market hours.
6.99%0.00
MortgageRegulatory

Indiana sues Equifax over 2017 mega-breach that exposed Social Security numbers

State AG Curtis Hill cites “irresponsible business activities”

Indiana Attorney General Curtis Hill filed a lawsuit Monday against Equifax seeking consumer restitution and penalties related to the 2017 breach that exposed the Social Security numbers and other personal data of more than half the adult population of America.

“This action against Equifax results from an extensive investigation, and we will continue our diligent efforts to protect consumers from illegal or irresponsible business activities,” Hill said.

The suit cites Congressional testimony by Equifax’s former CEO Richard Smith in which he acknowledged that the U.S. Department of Homeland Security notified the company in March 2017 about vulnerability in software the company was using. There was a patch, or update, that could have fixed the problem before attackers gained entry to the system, but Equifax didn’t apply it, Smith told the committee.

Criminals breached the Equifax system two months later, and stole information that, in addition to Social Security numbers, included passport numbers, driver’s license numbers, emails and credit card information of about 148 million people, Equifax said in regulatory filings. In July 2017, Equifax discovered the data breach, but didn’t let people know for another month and a half, the company said.

Equifax did not return a phone call and an email from HousingWire seeking comment.

The lawsuit also cites a report by the U.S. House of Representatives Committee on Oversight and Government Reform that found the breach was “entirely preventable.”

The Government Accountability Office released a report in March recommending the Consumer Financial Protection Bureau and the Federal Trade Commission expand oversight of credit reporting agencies.

In February, Equifax said in regulatory filings the CFPB and the FTC have notified the company they expect to seek “injunctive relief damages” related to the 2017 data breach. Beyond that, the CFPB plans to seek “civil money penalties,” Equifax said.

Equifax said it has submitted written responses to both agencies addressing the allegations, and said it continues to cooperate with the investigations.

Most Popular Articles

3d rendering of a row of luxury townhouses along a street

Log In

Forgot Password?

Don't have an account? Please