Equifax, which is already facing inquiries from the Consumer Financial Protection Bureau, the House Financial Services Committee, and the office of New York Attorney General Eric Schneiderman over the credit reporting agency’s massive data breach, has a new problem on its hands – Massachusetts Attorney General Maura Healey.
On Tuesday, Healey announced that Massachusetts plans to sue Equifax over failing to protect the personal information of millions of the state’s residents.
According to Healey’s office, of the 143 million U.S. consumers whose personal information was exposed in the breach, nearly three million were from Massachusetts.
And Healey wants answers.
“In all of our years investigating data breaches, this may be the most brazen failure to protect consumer data we have ever seen,” Healey said in a statement. “My office is acting as quickly as possible to hold Equifax accountable for the risks that millions of consumers now face.”
In the wake of Equifax’s announcement of the breach, Healey’s office said that it would be launching an immediate investigation to “determine the scope of risk to consumers and whether the company had proper safeguards in place to protect consumer information.”
Now, Massachusetts plans to sue the credit reporting agency.
According to Healey’s office, the state’s lawsuit will alleged that that Equifax, “did not maintain the appropriate safeguards to protect consumer data in violation of Massachusetts consumer protection and data privacy laws and regulations.”
Healey’s office notes that in most circumstances, the Massachusetts Consumer Protection Act requires the attorney general’s office to send a five-day notice to companies it intends to sue.
Healey’s office said it sent such a letter to Equifax on Tuesday.