BOSTON (CBS) — Massachusetts Attorney General Maura Healey’s office announced Tuesday that it is suing credit reporting firm Equifax over the data breach that left millions of their customers’ personal information vulnerable.
The data breach exposed the information of about 143 million Americans from May to July–nearly three million of them from Massachusetts.
Healey’s suit alleges the company didn’t do enough to protect that information.
“We allege that Equifax knew about the vulnerabilities in its system for months, but utterly failed to keep the personal information of nearly three million Massachusetts residents safe from hackers,” Healey said in a release. “We are suing because Equifax needs to pay for its mistakes, make our residents whole, and fix the problem so it never happens again.”
Healey’s office launched an investigation into the breach last week.
The company, which is based in Atlanta, said earlier this month that “criminals” exploited their site to access customers’ names, Social Security numbers, birth dates, addresses, and drivers’ license numbers–as well as credit card numbers for about 209,000 customers. The hackers likely stole that information.
“Although fixes for the computer code vulnerability were available to Equifax and posted on at least one U.S. Government website, the company failed to implement the recommended fixes, or otherwise put in place other safeguards and security controls, such as encryption, that would sufficiently protect consumers’ personal data,” Healey’s office said.
According to Healey’s lawsuit, Equifax also didn’t notify the AG’s office or the affected Massachusetts customers in a timely manner–finding out about the breach on July 29 but not telling customers or the AG’s office until September 7.
The suit is seeking “civil penalties, disgorgement of profits, restitution, costs, and attorney’s fees,” as well as ways to protect customers whose information may have been stolen in the breach.
Several senators, including Mass. Senators Ed Markey and Elizabeth Warren, have filed legislation in reaction to the breach.
To find out if you are potentially impacted by the breach, please go to www.equifaxsecurity2017.com.