Inventory
info icon
Single family homes on the market. Updated weekly.Powered by Altos Research
682,150-7865
30-yr Fixed Rate30-yr Fixed
info icon
30-Yr. Fixed Conforming. Updated hourly during market hours.
6.88%0.02
MortgageRegulatory

Indiana sues Equifax over 2017 mega-breach that exposed Social Security numbers

State AG Curtis Hill cites “irresponsible business activities”

Indiana Attorney General Curtis Hill filed a lawsuit Monday against Equifax seeking consumer restitution and penalties related to the 2017 breach that exposed the Social Security numbers and other personal data of more than half the adult population of America.

“This action against Equifax results from an extensive investigation, and we will continue our diligent efforts to protect consumers from illegal or irresponsible business activities,” Hill said.

The suit cites Congressional testimony by Equifax’s former CEO Richard Smith in which he acknowledged that the U.S. Department of Homeland Security notified the company in March 2017 about vulnerability in software the company was using. There was a patch, or update, that could have fixed the problem before attackers gained entry to the system, but Equifax didn’t apply it, Smith told the committee.

Criminals breached the Equifax system two months later, and stole information that, in addition to Social Security numbers, included passport numbers, driver’s license numbers, emails and credit card information of about 148 million people, Equifax said in regulatory filings. In July 2017, Equifax discovered the data breach, but didn’t let people know for another month and a half, the company said.

Equifax did not return a phone call and an email from HousingWire seeking comment.

The lawsuit also cites a report by the U.S. House of Representatives Committee on Oversight and Government Reform that found the breach was “entirely preventable.”

The Government Accountability Office released a report in March recommending the Consumer Financial Protection Bureau and the Federal Trade Commission expand oversight of credit reporting agencies.

In February, Equifax said in regulatory filings the CFPB and the FTC have notified the company they expect to seek “injunctive relief damages” related to the 2017 data breach. Beyond that, the CFPB plans to seek “civil money penalties,” Equifax said.

Equifax said it has submitted written responses to both agencies addressing the allegations, and said it continues to cooperate with the investigations.

Most Popular Articles

Latest Articles

Lower mortgage rates attracting more homebuyers 

An often misguided premise I see on social media is that lower mortgage rates are doing nothing for housing demand. That’s ok — very few people are looking at the data without an agenda. However, the point of this tracker is to show you evidence that lower rates have already changed housing data. So, let’s […]

3d rendering of a row of luxury townhouses along a street

Log In

Forgot Password?

Don't have an account? Please