Notice of Equifax Data Security Breach Statement to Licensees
On September 7, Equifax, one of the major credit reporting agencies, announced a data security breach that stretched from mid-May through July 29, 2017. During this period, hackers accessed names, Social Security numbers, birth dates, addresses, driver license numbers, and credit card numbers.
Financial institutions in our state have maintained an extremely strong security posture; however, they need to be constantly vigilant and assess potential customer impact, develop a proactive and timely customer communication program, and offer services to help protect their customers as fully as possible. Financial institutions can be proactive to mitigate the fallout from the Equifax and other breaches:
- Vendor Management - Ensure vendor security procedures are evaluated and approved, and that agreements identify which party has liability in a breach.
- Patch Management - Verify that all information technology and security patches have been installed as soon as possible.
- Confirm credit report information with your customers - Before originating loans and before denying any loan, confirm credit report information with your customers.
- Monitor customer accounts for unusual activity and issue new cards as necessary.
- Additional security measures - If a customer informs you they were among those whose information was stolen, you can code the customer's account with a "red flag" to contact the customer at a predesignated contact number or email address prior to opening an account, applying for credit, or making any changes on existing accounts. The customer can also contact the major credit reporting bureaus to put a Fraud Alert on their account.
- Provide customers information about preventing and protecting themselves after a data breach.
Equifax set up a website for consumers to check if their information was exposed:
The Consumer Financial Protection Bureau has information about the Equifax breach and protective steps consumers can take: https://www.consumerfinance.gov/about-us/blog/equifax-data-breach-updates/
The Federal Trade Commission also provides information about protecting yourself after a data breach: www.identitytheft.gov/lnfo-Lost-or-Stolen
Commissioner of Business Oversight