Less than two weeks after disclosing a massive data breach, Equifax’s legal and government troubles are piling up fast.
Federal agencies, state officials and members of Congress are now probing Equifax over its data security practices, customer service response and the possibility of insider trading from executives.
The breach may have compromised personal information from as many as 143 million Americans. This included some of our most sensitive information: social security numbers, addresses, driver’s license numbers.
A rush of lawsuits have also been filed against Equifax on behalf of consumers and shareholders. And that’s just in the US.
Equifax said Tuesday that as many as 100,000 Canadians may have been impacted by the breach. Last week, the company said up to 400,000 people in the U.K. may had personal information compromised too.
Related: How the Equifax data breach happened: What we know now
The drumbeat of lawsuits and regulatory announcements has helped drive down Equifax’s stock price by about a third since the breach was first reported.
Equifax now faces the risk of hefty fines, jail time for executives and new regulations that could change how it and other credit reporting firms do business.
A spokesman for Equifax said in a statement that it “has been in regular communication and is cooperating with federal agencies, regulators and state attorneys general.”
Federal investigations: Equifax is being investigated by both the Department of Justice and the FBI.
U.S. Attorney John Horn in the Northern District of Georgia told CNN this week that his office is working with the FBI to conduct a criminal investigation into the breach.
Related: Equifax says March breach not related to major hack
Federal Trade Commission probe: In an unusual move, the FTC said last week that it has opened a probe into the Equifax debacle. The agency did not specify which aspects of the breach it’s investigating.
Massachusetts and other states: Maura Healey, the attorney general of Massachusetts, filed the first state lawsuit against Equifax on Tuesday. Healey alleges Equifax “knew about the vulnerabilities in its system for months, but utterly failed” to keep customers safe.
Other attorneys general from New York, Illinois, Pennsylvania and Connecticut have also launched investigations into the breach.
Congressional hearings: Equifax has come under fire from legislators of both parties. The House Financial Services Committee and the House Energy and Commerce Committee have each called for hearings on what went wrong leading up to the breach.
In its statement Tuesday, Equifax said it has “agreed to provide testimony to Congress.”
Senate pressure over stock sales: Separately, a bipartisan group of dozens of senators sent a letter urging the FTC, Department of Justice and the Securities and Exchange Commission to investigate Equifax over its executives’ stock sales.
Three Equifax executives sold shares of their company worth nearly $2 million shortly after the breach was discovered. The sales came before the breach was announced to the public.
Related: Equifax’s chief information officer and chief security officer are out
Dozens of private lawsuits: Given the scale of the breach, it should come as little surprise that Equifax is inundated with private litigation. Dozens of class action lawsuits have already been filed against Equifax on behalf of consumers and shareholders.