Massachusetts's attorney general said Tuesday that the state would sue credit-reporting firm Equifax over a data breach disclosed last week that affected as many as 143 million Americans.
The office of Attorney General Maura Healey said that an investigation initiated last week revealed that the breach exposed personal information on potentially 3 million Massachusetts residents.
“In all of our years investigating data breaches, this may be the most brazen failure to protect consumer data we have ever seen,” Healey said in a statement Tuesday afternoon. “My office is acting as quickly as possible to hold Equifax accountable for the risks that millions of consumers now face.”
Healey launched an investigation into the incident on Friday, one day after Equifax disclosed the massive breach. The attorney general’s office said Tuesday that it will allege in the lawsuit that Equifax failed to maintain appropriate safeguards protecting consumer data, in violation of Massachusetts consumer protection and data privacy laws and regulations.
Other state attorneys general have also launched investigations into the breach, including those representing New York and Pennsylvania.
Equifax said Thursday evening that hackers maintained unauthorized access to personally identifiable information — including Social Security numbers and addresses — of potentially millions of U.S. consumers between mid-May and July. The company discovered the breach on July 29 and has been working with a private cybersecurity company as well as law enforcement to investigate the breach.
Equifax publicly disclosed the breach Thursday.
The development has precipitated increased scrutiny of Equifax in recent days, with lawmakers in Washington demanding answers from the company on the scope of the breach and its efforts to protect consumers post-hack.
Equifax is offering those affected free credit monitoring and identity theft protection.