Equifax agreed to a number of security measures put in place by financial regulators in eight states in response to the breach that compromised the personal information of more than 147 million people.
Regulators in Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas set in place specific steps the credit bureau must follow including annual security audits, the development of written protection policies and guides, better monitoring of its third-party vendors, and improving its patch management system, according to The New York Times.
Since the 2017 breach, Equifax has spent nearly $243 million in legal fees, credit monitoring services, and security improvements, and said it already has fulfilled “a good number” of the measures it agreed to in the order.
If Equifax were to renege on any of its commitments state regulators will be able to take punitive action.