TransUnion and Experian, two of The Big Three credit reporting companies, have received letters from New York Attorney General Eric Schneiderman inquring them about their cybersecurity safeguards in the wake of the massive data breach at rival Equifax.
According to a news report in The Associated Press, the attorney general wants the two companies to describe what security systems they have in place and what changes they are implementing since data on 143 million U.S. customers at Equifax was breached.
“The unprecedented data breach experienced by Equifax, Inc. that affected 143 million Americans — including more than eight million New Yorkers — has raised serious concerns about the security of private consumer information held by the nation’s largest consumer credit reporting agencies,” he wrote in the letter, according to the AP.
New York’s attorney general wants to know if the companies would waive fees for consumers that needed credit freezes because of the hack. “Credit reporting agencies have a fundamental responsibility to protect the personal information they’re entrusted with,” Schneiderman said in a statement to the AP. “As we continue our investigation into the Equifax breach, it’s vital to ensure that consumer data at the other major credit reporting agencies [TransUnion and Experian] is safe.”
The data breach that may have impacted millions of Americans included Social Security numbers, birth dates and other personal information. The disclosure of the Equifax breach has resulted in a huge backlash for Equifax from customers, lawmakers and regulators. The Federal Trade Commission, for example, made the rare public announcement that it was looking into the hack, prompted by the attention the case has generated, and that two executives have already been let go as a result.
In addition to firing the two executives, Equifax said on Friday (Sept. 15) that on July 20, its security team saw “suspicious network traffic” related to its online dispute portal for U.S. customers. After blocking the traffic, the security team saw more of it the next day. Equifax then took it offline, reported the paper.