In Wake of Equifax Data Breach, Credit Reporting Agencies Made Subject to NY State Cybersecurity Regulations

Dan Clark reports:

Credit reporting agencies will now be required to register with the state and comply with its cybersecurity regulations, the state Department of Financial Services announced Monday.

The new rules are the state’s response to last year’s data breach at Equifax, a credit reporting agency, that exposed the personal information of 143 million people. If a credit reporting agency is found to have violated the new regulations, the DFS will now have the power to block them from serving New York state residents.

Under the new rules, any credit reporting agency that ran more than 1,000 credit reports in New York state in the last year will have to register with the DFS by the beginning of September and then again at the beginning of February each year.

Read more on New York Law Journal(free sub. required)

h/t, Joe Cadillic

Texas Enacts Electronic Health Record Data Localization Law
HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
Industry Letter - June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
Resource: State Data Breach Notification Laws - June 2025
Oklahoma Expands its Security Breach Notification Law
North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

Related: