The New York Times reports that Equifax has agreed to a consent order with eight state financial regulators in response to the breach that allowed hackers to steal sensitive personal information on more than 147 million people last year. The order describes specific steps that Equifax must take, including conducting security audits at least once a year, developing written data protection policies and guides, more closely monitoring its outside technology vendors, and improving its software patch management controls.
The article is here.