Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

State judge says Massachusetts can sue credit reporting agency over data breach

Privacy/Cyber Risk & Data Security Courts State Attorney General State Issues Data Breach Credit Reporting Agency

Privacy, Cyber Risk & Data Security

On April 2, a state court judge denied a credit reporting agency’s motion to dismiss claims for violations of state data security regulations. The court stated that while the “mere existence of data breach” does not translate into violations of the state data security regulations, the Massachusetts Attorney General plausibly suggests that the company violated such regulations by knowing of certain vulnerabilities and failing to properly address them. As previously covered by InfoBytes, Massachusetts was the first state to file an action against the credit reporting agency after its September 2017 announcement of a data breach which affected over 143 million consumers.