Massachusetts Attorney General Maura Healey filed suit against Equifax on Tuesday, alleging that the credit reporting company ignored obvious cybersecurity vulnerabilities for months before hackers accessed the personal information of as many as 140 million people.
Healey, a Democrat, said Equifax “utterly failed to keep the personal information of nearly three million Massachusetts residents safe from hackers” and waited too long to disclose the hack.
“We are suing because Equifax needs to pay for its mistakes, make our residents whole, and fix the problem so it never happens again,” Healey said.
The lawsuit was filed in Boston’s Suffolk County Superior Court and alleges that Equifax violated several state consumer protection and data security laws.
Healey said the suit is seeking restitution for the 3 million Massachusetts residents whose information was exposed to hackers between May and July of this year, along with legal protection from fraud resulting from the hack. The suit also seeks to strip Equifax of corporate profits from the time of the hack.
Healey is one of several state attorneys general seeking action against Equifax. Her New York counterpart, fellow Democrat Eric Schneiderman, launched an investigation into the company last week. Both are considered rising stars in the Democratic Party and potential gubernatorial or Senate candidates.
Several congressional committees have also started investigating Equifax, along with the Federal Trade Commission. Lawmakers have also called on the Securities and Exchange Commission to investigate why three former Equifax executives sold millions in company stock after the security breach was discovered.