Attorney General Maura Healey said yesterday she intends to sue Equifax over its failure to protect sensitive and personal information of up to nearly three million Massachusetts residents, following a major data breach at the credit reporting firm.
She is the first state attorney general to announce a formal lawsuit.
“In all of our years investigating data breaches, this may be the most brazen failure to protect consumer data we have ever seen,” Healey said in a statement. “My office is acting as quickly as possible to hold Equifax accountable for the risks that millions of consumers now face.”
The breach, which went public last week, potentially compromised personal information including the social security numbers, dates of birth, names and addresses of 143 million consumers nationwide.
On Friday, Healey launched an immediate investigation to determine the scope of risk to consumers and whether the company had proper safeguards in place to protect consumer information.
The AG’s office also issued guidance for consumers in the wake of the data breach.
The AG’s office intends to allege in its lawsuit that Equifax did not maintain the appropriate safeguards to protect consumer data, which is in violation of Massachusetts consumer protection and data privacy laws and regulations.
Equifax is also under fire from other state attorney generals, who have launched investigations, the Consumer Financial Protection Bureau and many U.S. senators, who are calling on federal regulators to investigate the sale of nearly $2 million in shares by Equifax executives right before the scandal went public.