Nearly three million residents of Massachusetts were among the roughly 140 million people whose personal data was compromised in a hacking of Equifax, the credit monitoring company.
The breach exposed the social security and credit card numbers of some 2.9 million Massachusetts residents. That’s according to information filed with state officials Friday and obtained by WGBH News, one day after the company first publicly disclosed the breach — more than a month after it says it knew data had been compromised.
Massachusetts law requires companies to disclose data breaches within a “reasonable time.” They must also notify residents by mail.
The company is required to disclose such breaches to two state offices: the Attorney General's Office and the Office of Consumer Affairs and Business Regulation. WGBH obtained a copy of a disclosure made to the latter office, which said that 2.9 million individuals in Massachusetts were affected.
See the original document
State Attorney General Maura Healey, whose office must also be notified of data breaches involving state residents, and which has enforcement powers, did not return a request Friday by WGBH News for information specific to Equifax disclosures to the state.
But in a statement released Friday afternoon, Healey acknowledged that the office had been contacted by Equifax. She urged those affected to take action — but warned that although Equifax has offered free monitoring services to those affected, those services are not yet available.