New York is one of eight states imposing new rules on Equifax in the wake of a data breach that exposed the personal information of millions of customers.
The New York Times reports that the order says Equifax must take specific steps to maintain data security, including conducting security audits and devising security guidelines.
The company has said that the attack occurred when a known software flaw was permitted to persist for months.
Under the new agreement, the states may take “punitive measures” if Equifax fails to live up to the agreement, according to the Times.
Along with New York, California, Georgia, Maine, Massachusetts, North Carolina, and Texas are part of the agreement.
Additional details are available on the New York Times website.