According to the AG’s complaint, unauthorized
third parties infiltrated Equifax’s computer
system through its website for months without
the company detecting them and stole sensitive
and personal consumer information.
The complaint alleges Equifax lacked sufficient
safeguards to protect consumers’ personal data
and violated Massachusetts law by delaying
notice of the breach.
The settlement also requires Equifax to
strengthen its security practices and bring
them into compliance with Massachusetts law
including regular monitoring, identifying critical
security updates, minimizing collection of
sensitive data, improving account management
tools, and allowing third-party assessments of
safeguards, Healey said.