The New York Credit Union Association is joining a group of credit unions and associations suing Equifax over its shoddy data protection practices. The suit seeks to recover the costs borne by credit unions in the aftermath of the Equifax data breach and to impose operational changes on the credit reporting agency’s operations.
The massive breach allowed hackers to access the information of over 145 million consumers and the payment card data of more than 200,000 consumers.
Equifax confirmed that the compromised information included consumers’ Social Security numbers, birthdays, addresses and driver’s license numbers, as well as payment card information.
“It is past time for merchants and third-parties—including credit bureaus—to get serious about protecting consumer data,” said Association President/CEO William J. Mellin. “New York credit unions are subject to strict data security standards and they expend enormous resources ensuring their member data is secure. Yet time and time again, credit unions and their member-owners are forced to deal with the increasingly exorbitant costs of breaches that occur outside of the credit union. Enough is enough.”
In addition to the legal action, the Association has been pushing for legislation at the state and federal levels that would hold merchants and third-party vendors to the same data security standards as financial institutions. Specifically, the Association is seeking a provision that would ensure financial institutions have the ability to recover costs associated with data breaches caused by merchant or third-party negligence.