TRENTON – Senator Shirley K. Turner today called on New Jersey’s Attorney General Christopher Porrino to join other states in investigating Equifax for an extensive security breach that was discovered July 29, but not announced until last week. The security breach exposed the personal data of approximately 143 million Americans, including nearly 4 million New Jerseyans, making them vulnerable to identity theft, scams, fraud, and other deceptions.
“New Jersey’s law requires any business that conducts business in New Jersey to provide disclosure of any breach of security in the most expedient time possible and without unreasonable delay,” said Senator Turner. “Instead, the company sat on the information, which prevented New Jersey residents from taking precautionary steps to protect themselves and their information. The only expedient action was on the part of three executives who chose to protect their own financial health by selling their stocks while the financial health of 4 million New Jerseyans remained at risk.”
Senator Turner was the sponsor of New Jersey’s Identity Theft Protection Act, enacted in 2005, which established notification requirements in event of a business’ security breach. In addition to requiring a timely notification, the law requires notice to be made by one of several methods, including written or electronic notice, notification to major statewide media, or conspicuous posting on the Internet website page of the business or public entity.
“Equifax’s colossal failure must be investigated, and we need to take additional action to protect consumers,” said Senator Turner. “We need to hold companies accountable for violations of the law and their practices that place consumers’ sensitive, personal information at risk. However, we also need to empower consumers so they can stay one step ahead of the risk.”
Since Equifax’s announcement last week, Massachusetts has filed a lawsuit and four other states are investigating the breach. Senator Turner said that she will be introducing legislation to amend the Identity Theft Protection Act to provide a specific timeline for companies to provide notification of a security breach so that there is no question about how quickly New Jersey consumers must be notified.