Letter from NM Attorney General to Equinox

Print
Category: Non-Local News Releases Non-Local News Releases
Published: 11 September 2017 11 September 2017

Via​ ​Email
Equifax​ ​Inc.
c/o​ ​Phyllis​ ​B.​ ​Sumner King​ ​&​ ​Spalding​ ​LLP 1180​ ​Peachtree​ ​St.​ ​NE Atlanta,​ ​GA​ ​30309 psumner@kslaw.com
Dear​ ​Ms.​ ​Sumner:
STATE​ ​OF​ ​NEW​ ​MEXICO OFFICE​ ​OF​ ​THE​ ​ATTORNEY​ ​GENERAL
HECTOR​ ​H.​ ​BALDERAS ATTORNEY​ ​GENERAL
September​ ​8,​ ​2017
As Attorney General for the State of New Mexico, I have the duty to protect the legal rights of all New Mexicans and to ensure that their privacy interests are protected when they participate in the financial system. Equifax’s recent announcement that it suffered a cybersecurity attack affecting 143 million U.S. customers is therefore gravely concerning. Given the critical information that Equifax collects, including names, social security numbers, birth dates, and account information, this incident creates an unacceptable risk of fraud and identity theft. The people of New Mexico, who have placed their trust and their futures in the financial system,​ ​deserve​ ​a​ ​better​ ​explanation​ ​of​ ​what​ ​happened​ ​and​ ​why.

I am especially concerned about the length of Equifax’s delay prior to notifying affected individuals as well as Equifax’s attempts to limit the legal rights of affected individuals who accept the company’s offer of identity theft and credit monitoring services. Individuals who were victims​ ​of​ ​the​ ​breach​ ​should​ ​not​ ​be​ ​re-victimized​ ​by​ ​Equifax’s​ ​response. 

Please note that the New Mexico Office of the Attorney General takes these matters seriously.​ ​I​ ​am​ ​asking​ ​you​ ​to​ ​therefore​ ​provide​ ​answers​ ​to​ ​the​ ​following​ ​questions:
● How​ ​many​ ​New​ ​Mexico​ ​residents​ ​had​ ​their​ ​personal​ ​information​ ​exposed?
● How did Equifax learn of the breach and what was the earliest date at which Equifax knew or should have known that the personal information of any New Mexico resident
had​ ​been​ ​exposed?
● What​ ​security​ ​measures​ ​did​ ​Equifax​ ​have​ ​in​ ​place​ ​prior​ ​to​ ​the​ ​attack?
● By​ ​what​ ​specific​ ​method​ ​did​ ​the​ ​attacker​ ​gain​ ​access​ ​to​ ​Equifax​ ​systems?
● What​ ​information​ ​has​ ​Equifax​ ​discovered​ ​about​ ​the​ ​identity​ ​of​ ​the​ ​attacker?
● What remedial measures has Equifax put in place to prevent this type of attack from
recurring?
● What form of notice is Equifax providing to New Mexico residents who had their
personal​ ​information​ ​exposed?
I​ ​look​ ​forward​ ​to​ ​hearing​ ​from​ ​you.
Sincerely,
Hector​ ​H.​ ​Balderas