State Of Indiana Sues Equifax Over 2017 Data Breach

The massive data breach exposed the credit information of 150 million Americans, including almost 4 million in Indiana.

(Indianapolis, Ind.) – The State of Indiana wants Equifax to pay for exposing the information on nearly four million people in the state. 

The state filed a lawsuit Monday over the 2017 data breach at Equifax. The breach at one of the world’s largest credit reporting bureaus resulted in almost 150 million people across the country having their information exposed, including 3.9 million Hoosiers.  

“Data breaches such as this one cause real harm to real people,” Indiana Attorney General Curtis Hill said. “Hoosiers trust us to work hard every day to ensure their safety and security. This action against Equifax results from an extensive investigation, and we will continue our diligent efforts to protect consumers from illegal or irresponsible business activities.”

The lawsuit seeks civil penalties, consumer restitution, costs and injunctive relief.

The U.S. House of Representatives Committee on Oversight and Government Reform investigation concluded the breach from May 13 through July 30, 2017 was “entirely preventable.”

Indiana's lawsuit says Equifax prioritized profits over data security. During the time the break took place, according to the AG, the company also pursued aggressive cost-cutting measures that included the outsourcing of some of the company’s mission-critical systems. That outsourcing led to understaffing of vital functions and treated patching and vulnerability remediation as unimportant.

Also, the company is accused of violating Payment Card Industry standards, including storing some consumer payment card information in clear text.

Hill’s office said that Equifax knew PCI certification required all components of the payment card processing system and connected network to comply with the PCI standards. To date, no entity fully compliant with PCI Data Security Standard appears to have been breached. 

“Despite its knowledge, Equifax made a conscious choice to break the rules. It continues to break the rules even today, continuing to expose consumers to risks without warning. Equifax continues to accept and process payment cards in its U.S. operations, despite the fact that as of April 29 its full U.S. operations still had not been certified as compliant, as required by the PCI rules,” according to the Office of the Indiana Attorney General.

More from Local News


Accused Strip Bar Robber Enters Not Guilty Plea

Francisco Vazquez has been ordered to have no contact with the victims.

Pop Machine Thief Caught On Camera, But Still At-Large

Can you help police identify this suspect who broke into two vending machines in West Harrison?

Interstate 74 Lane Closures Tuesday

I-74 lanes will be restricted Tuesday, August 20 from 9:00 a.m. until 2:00 p.m.

Beacon Ortho: As School Begins, Remember To Lighten Up

Doctors with Beacon Orthopaedics & Sports Medicine say schoolchildren's backpacks can cause harm if they get too weighed down with books and other items.

Local Sports Report - August 16 & 17

The first big weekend of fall sports included soccer, volleyball, golf, and cross country.

Local Sports Report - August 15

Franklin County's Gracie Graf carded a 9-hole round of 40 to help with Wildcats defeat New Castle Thursday.

On Air

Bubba Bo playing
Zac Brown Band - Knee Deep

Keith Urban You Look Good In My Shirt 6:11
Garth Brooks Dive Bar 6:05
George Strait Cowboys Like Us 5:56
Miranda Lambert It All Comes Out In The Wash 5:52