AG Maura Healey: Equifax To Pay $18M After Data Breach

BOSTON (AP) — Attorney General Maura Healey has announced that one of the largest consumer credit reporting agencies in the country, Equifax, has agreed to pay $18.2 million after a massive data breach in 2017 that compromised the personal information of nearly three million Massachusetts residents.

Healey, a Democrat, said Friday that a consent judgment approved by a Suffolk Superior Court judge on April 13 resolves the 2017 suit alleging Equifax failed to patch a known vulnerability in its network, allowing hackers to infiltrate its systems and gain access to the sensitive personal information of least 147 million consumers nationwide.

According to the AG's complaint, unauthorized third parties infiltrated Equifax's computer system through its website for months without the company detecting them and stole sensitive and personal consumer information.

The complaint alleges Equifax lacked sufficient safeguards to protect consumers' personal data and violated Massachusetts law by delaying notice of the breach.

The settlement also requires Equifax to strengthen its security practices and bring them into compliance with Massachusetts law including regular monitoring, identifying critical security updates, minimizing collection of sensitive data, improving account management tools, and allowing third-party assessments of safeguards, Healey said.

(© Copyright 2020 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.)