New York Regulator Warns Banks Over Equifax Reports

By Jeff Bater

New York state’s top financial regulator is urging banks to confirm the validity of data in Equifax credit reports before relying on the information.

The New York Department of Financial Services (NYDFS) said it issued the guidance Sept. 18 because of the arrangements a number of financial institutions have with Equifax to provide consumer and/or commercial related account and debt information to the credit reporting company.

Earlier in the month, Equifax revealed a data breach affecting 143 million customers. The sensitive personal information apparently compromised -- names, Social Security numbers, birth dates, and addresses -- is prone to significant abuse by criminals in opening accounts at financial institutions, or obtaining credit cards, loans, or other forms of financial services and products, the NYDFS said.

Troubling Attack

“This attack is particularly troubling as the number of affected consumers is incredibly high and the details have not been made known,” said the guidance signed by Maria T. Vullo, NYDFS superintendent.

Among the guidelines, the NYDFS urged New York state chartered and licensed financial institutions to “confirm the validity of information contained in Equifax credit reports (if you receive them) before relying on them for provision of products and services to new applicants, as well as existing clients, as they may have been compromised given the cyberattack.”

Craig A. Newman, a partner with Patterson Belknap Webb & Tyler and chair of its data privacy group, said the fact DFS issued the guidance underscores the data breach’s potential impact on New York chartered banks.

“It’s telling that the guidance specifically calls out Equifax’s data suppliers and warns that any arrangement with Equifax to provide consumer information should receive a ‘very high level of review and attention’ to evaluate the risks involved in continuing to provide information to the credit monitoring agency,” Newman told Bloomberg BNA in an email.

Examining All Reports

Scott Sargent, of counsel at Baker Donelson, said banks should be diligent going forward to carefully examine all credit reports relied on to provide products and services – and not just those from Equifax.

“The information that was compromised may result in a fraudulent account that is ultimately reported to Trans Union and/or Experian,” he told Bloomberg BNA. “Simply switching to Trans Union and Experian services and dropping Equifax won’t stop that. It will be a process that will require more discussion with customers to identify ‘negatives’ on their report and deal with any resulting identity theft that may appear. The credit reports from Trans Union, Experian and Equifax will all be affected by this disclosure.”

To contact the reporter on this story: Jeff Bater in Washington at jbater@bna.com

To contact the editor responsible for this story: Michael Ferullo at MFerullo@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.