Equifax, one of the three major consumer credit reporting agencies, revealed it suffered an initial data breach between March and April this year - two months prior to a second data breach that exposed the personal and financial data on 143 million U.S. consumers. In the initial March breach, hackers were able to access information from an Equifax subsidiary, TALX, which provides online payroll, tax, and human resources to some of the nation's largest corporations.
WAIT. BACK UP.
The massive data breach that affects 44% of the U.S. population occurred from mid-May through July 2017. In a detailed announcement, Equifax confirmed hackers were able to access names, Social Security numbers, birth dates, addresses, and in some cases, driver's license numbers. Three Equifax officers are under a Department of Justice criminal investigation for selling almost $2 million of stock after this cyberbreach was internally identified but before the public was notified. The company stated the executives were unaware of the hack when they sold the stock.
OTHER COUNTRIES AFFECTED?
Although the consumer website application was only intended for U.S. consumers, Equifax stated that Canadian and UK consumers were also affected. Equifax estimates that the personal details of approximately 100,000 Canadians were exposed. Equifax UK confirmed that British systems were not affected by the U.S. hack but due to a process failure 400,000 U.K. consumers were affected.
This week, New York Governor Andrew Cuomo announced proposed regulations that all credit reporting agencies need to comply with the state's cybersecurity regulations. Known as the “first of its kind,” New York's new cybersecurity requirements for financial service companies took effect March 1, 2007. Additionally, Equifax is facing a congressional investigation as well as several pieces of legislation directed at Equifax and other data brokers to be more transparent, develop comprehensive data security programs, and provide better consumer protections. We'll keep reporting on any federal cybersecurity legislation that affects business.
Hurricane Maria is tearing through the Caribbean as a Category 5 storm bringing potentially catastrophic damage. This is the first direct Category 5 hurricane to hit Puerto Rico directly since 1928, and residents are being told to "evacuate or die" by government officials. Maria is the fourth major hurricane to hit the region this year. According to early estimates, the combined destruction from Hurricanes Harvey and Irma could range from $150 billion to $200 billion.
The 2017 wildfire season is shaping up to be one of the worst in U.S. history in land burned. More large, uncontrolled wildfires were burning in 10 Western states in early September than at any comparable time since 2006. So far, 8.3 million acres burned as of mid-September with nearly 21,000 firefighters actively fighting wildfires across the region. Further, this season has seen closer proximity to large metropolitan areas than in recent years. Los Angeles Country saw one of the largest wildfires ever recorded threatening Burbank, California and evacuation orders reached to within 15 miles of downtown Portland, Oregon. We'll keep you informed on the damage estimates from natural disasters.
Making Our Way Around The Country
The Trump administration's opioid commission announced a new partnership with the pharmaceutical industry to accelerate the development of non-addictive painkillers. Seventeen of the major drug makers in the U.S. have agreed to share roughly 40 different compounds with each other with the hope it will lead to the creation of alternative pain medication. Gov. Chris Christie, who chairs the opioid commission, said the partnership mimics the industry's reaction to the HIV/AIDS epidemic when pharmaceutical companies came together to develop effective treatments. The companies will work together with the National Institutes of Health and the Food and Drug Administration. The commission estimates opioid overdoses kill 142 people a day.
A Minnesota appeals court ruled employers in Minneapolis have to provide paid sick leave for their workers. The court ruled that only Minneapolis-based companies are required to comply with the sick leave ordinance. The law requires employers with six or more employees who work at least 80 hours a year to provide one hour of paid sick leave for every 30 hours worked, up to 48 hours a year. The law took effect July 1. It is expected to be appealed to the Minnesota Supreme Court.
Since I just dropped off my teen at his first driver's education class, I'm compelled to talk statistics. Traffic crashes are the number one killers of teens in America and according to statistics, teens have four times higher fatal crash rates than adults. Happy to report that two new automotive studiesfound that cars equipment with car avoidance systems, such as lane departure or blind spot detection, work to prevent crashes by 11-14%. However, the report noted that U.S. drivers frequently turn off the lane departure warning so it hasn't been as effective as in Europe (think 53% effective!). I guess I'll be car shopping with a bumper sticker saying teen driver.
About The Way
The Way is Gallagher Bassett's weekly governmental briefing on state and federal affairs that affect our industry. We thank you for starting your Wednesday morning with us. Please be sure to follow #GBTheWay for additional news and updates as we make our way throughout the country on the issues affecting our industry. For more information, please connect with GB on LinkedIn, follow us on Twitter, or contact the authors, Greg McKenna or Cari Miller, directly.