Via Email
Equifax Inc.
c/o Phyllis B. Sumner King & Spalding LLP 1180 Peachtree St. NE Atlanta, GA 30309 psumner@kslaw.com
Dear Ms. Sumner:
STATE OF NEW MEXICO OFFICE OF THE ATTORNEY GENERAL
HECTOR H. BALDERAS ATTORNEY GENERAL
September 8, 2017
As Attorney General for the State of New Mexico, I have the duty to protect the legal rights of all New Mexicans and to ensure that their privacy interests are protected when they participate in the financial system. Equifax’s recent announcement that it suffered a cybersecurity attack affecting 143 million U.S. customers is therefore gravely concerning. Given the critical information that Equifax collects, including names, social security numbers, birth dates, and account information, this incident creates an unacceptable risk of fraud and identity theft. The people of New Mexico, who have placed their trust and their futures in the financial system, deserve a better explanation of what happened and why.
I am especially concerned about the length of Equifax’s delay prior to notifying affected individuals as well as Equifax’s attempts to limit the legal rights of affected individuals who accept the company’s offer of identity theft and credit monitoring services. Individuals who were victims of the breach should not be re-victimized by Equifax’s response.
Please note that the New Mexico Office of the Attorney General takes these matters seriously. I am asking you to therefore provide answers to the following questions:
● How many New Mexico residents had their personal information exposed?
● How did Equifax learn of the breach and what was the earliest date at which Equifax knew or should have known that the personal information of any New Mexico resident
had been exposed?
● What security measures did Equifax have in place prior to the attack?
● By what specific method did the attacker gain access to Equifax systems?
● What information has Equifax discovered about the identity of the attacker?
● What remedial measures has Equifax put in place to prevent this type of attack from
recurring?
● What form of notice is Equifax providing to New Mexico residents who had their
personal information exposed?
I look forward to hearing from you.
Sincerely,
Hector H. Balderas