(Reuters) – Credit reporting company Equifax Inc said it was informed by several U.S. regulators that they intend to seek damages from the company related to the cybersecurity breach of 2017 that exposed personal information of nearly 145 million people.
The company has received legal notices from the Federal Trade Commission, Consumer Financial Protection Bureau and the New York Department of Financial Services, it said in a filing on Thursday.
The United States Securities and Exchange commission had also issued a subpoena on May 14, 2018, regarding disclosure issues relating to the data breach, while the Office of the Privacy Commissioner of Canada has informed Equifax it intends to “make certain findings and recommendation” related to the incident.
The company has been named in 19 class action lawsuits in courts across the country, it said, and has spent hundreds of millions of dollars since disclosing the breach.
Regulators in the UK and Australia have also fined the company for the breach that saw personal information such as Social Security numbers, birth dates and addresses of millions of people being stolen by hackers.
Equifax first disclosed in September 2017 that it had been the target of a massive data breach, mostly in the United States.