September 19, 2017

Equifax Data Suppliers Urged by DFS to Give Hack “Highest Degree of Attention”

+ Follow Contact

Send

Embed

Yesterday, New York’s top financial regulator asked state-chartered banks and insurers to take immediate precautions to protect consumers and the financial markets “in light of the cybersecurity attack” at Equifax Inc.

In guidance issued to financial institutions and insurance companies, the New York State Department of Financial Services (DFS) urged institutions that supply consumer data to Equifax to “ensure that this incident receives the highest degree of attention and vigilance.” The guidance, Superintendent Maria T. Vullo said, “supports DFS’s first-in-the-nation cybersecurity regulation.”

If an “institution provides consumer of commercial related account and debt information to Equifax under any arrangement,” the guidance said, the company must “ensure that the terms of the arrangement receive a very high level of review and attention to determine any potential risk associated with the continued provision of data in light of this cyberattack.”

Superintendent Vullo called the scale of the Equifax attack “unprecedented” and said that the DFS was prepared “to take immediate action” to protect New York consumers and ensure the soundness of the state’s financial services industry.

The guidance also urges banks and insurers to install software patches on their information technology systems, and ensure that fraud and identity theft protocols were implemented before any new account is opened, credit card issued or loan approved. It also asked that the validity of any information provided by Equifax — including credit reports — be confirmed before relying on them to make credit decisions. And, suggested the guidance, financial institutions should consider contacting customers that might have been hacked before opening credit lines in their names.

DFS issued the guidance shortly after New York Governor Andrew Cuomo called the Equifax breach a “wake up call” and directed DFS to propose a regulation requiring credit reporting agencies to comply with the state’s new cybersecurity regulation. The proposed regulation — issued shortly after Cuomo’s appeal — is subject to a 45-day comment period.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Written by:

Patterson Belknap Webb & Tyler LLP

Contact + Follow

less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Increased visibility
Actionable analytics
Ongoing guidance

Learn More

Published In:

Credit Reporting Agencies

+ Follow

Credit Reports

+ Follow

Cyber Attacks

+ Follow

Data Breach

+ Follow

Equifax

+ Follow

Financial Services Industry

+ Follow

Hackers

+ Follow

Identity Theft

+ Follow

New Guidance

+ Follow

NYDFS

+ Follow

Personally Identifiable Information

+ Follow

Popular

+ Follow

State Charters

+ Follow

General Business

+ Follow

Finance & Banking

+ Follow

Insurance

+ Follow

Privacy

+ Follow

Science, Computers & Technology

+ Follow

less

Patterson Belknap Webb & Tyler LLP on:

Equifax Data Suppliers Urged by DFS to Give Hack “Highest Degree of Attention”

Related Posts

Written by:

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Published In:

Patterson Belknap Webb & Tyler LLP on:

"My best business intelligence, in one easy email…"