The rash of investigations launched in the wake of Equifax's massive data breach signal a more open and aggressive approach to policing such incidents that is likely to leave companies rethinking their plans for responding to cyberattacks and cooperating with officials, attorneys say.

The headaches for Equifax continued Tuesday as the U.S. Attorney's Office for the Northern District of Georgia confirmed that it is working with the FBI to conduct a criminal investigation into the breach and the Massachusetts attorney general slapped the company with a civil suit accusing it of negligently failing to protect consumers by not fixing holes in its security system. Equifax's breach, announced on Sept. 7, compromised the sensitive financial and personal information of 143 million people.

"With an incident of this size and potential impact, no prosecutor or regulator with skin in the game is going to sit on their hands," said Ed McAndrew, the co-practice leader of Ballard Spahr LLP's privacy and data security group. "For businesses, the lesson that they need to take away is that the complexity of a breach response and the potential consequences of being victimized need to be appreciated early."

Read the full article here. Subscription may be required.