New York City

After Equifax fiasco, Cuomo orders NYS to clamp down on credit reporting agencies

September 18, 2017 By Mary Frost Brooklyn Daily Eagle
Gov. Andrew Cuomo. AP file photo by Mile Groll
Share this:

If you have any kind of credit, there’s a good chance that you’re one of the 143 million Americans whose personal information was exposed in a cyberattack on credit reporting agency Equifax.

To help prevent this type of attack in the future, Gov. Andrew Cuomo on Monday said he is directing the NY Department of Financial Services (DFS) to issue regulations requiring credit reporting agencies to register and comply with a new cybersecurity standard.

An annual reporting obligation will provide the DFS superintendent with the authority to deny and potentially revoke a consumer credit reporting agency’s authorization to do business in New York.

Cuomo called the breech a wakeup call.

“A person’s credit history affects virtually every part of their lives and we will not sit idle by while New Yorkers remain unprotected from cyberattacks due to lax security,” he said in a statement. “Oversight of credit reporting agencies will help ensure that personal information is less vulnerable to cyberattacks and other nefarious acts in this rapidly changing digital world.”

According to the Federal Trade Commission, the hackers accessed people’s names, Social Security numbers, birth dates, addresses, credit card numbers and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. (To learn what you can do to protect yourself after this breech visit

The state could refuse to renew a consumer credit reporting agency’s registration if the DFS superintendent finds that the applicant is not trustworthy or competent.

Besides outright fraud, the rules would also prohibit the omission of material information in a person’s credit report, or presenting inaccurate information.

DFS’s cybersecurity regulation would requires banks, insurance companies and other financial services institutions to have a cybersecurity program designed to protect consumers’ private data.


Leave a Comment

Leave a Comment