(Adds details about Maine credit agency registration requirement)
WASHINGTON/NEW YORK, Sept 18 (Reuters) - New York's governor announced plans on Monday to require all credit reporting agencies to register with the state, while federal authorities reportedly opened a criminal probe into Equifax Inc executives' stock sales before the company disclosed a massive data breach.
The U.S. Justice Department is looking into whether Equifax Chief Financial Officer John Gamble, Joseph Loughran, president of U.S. information solutions and Rodolfo Ploder, president of workforce solutions, broke insider trading rules in selling stock after the breach was discovered in July and before it was disclosed in early September, Bloomberg reported on Monday.
Shares of Equifax, which have fallen about a third since the hack was announced, slowed their slide on Monday and were up 1.5 percent at $94.38 at the market close.
Equifax has said the executives were unaware of the hack when they sold the stock for $1.8 million.
New York Governor Andrew Cuomo said he planned to require all credit reporting agencies to register with the state and comply with its cyber security rules.
The proposed regulation, ordered after Equifax Inc's breach exposed sensitive data of up to 143 million people, would take effect in February, a statement from Cuomo said. If the companies do not register, they risk being barred from doing business with financial companies regulated by New York state.
Cuomo said credit reporting agencies, including TransUnion and Experian Plc, each year would have to report their officers or directors who are responsible for compliance with laws and regulations involving financial services, banking and insurance.
The state would also be able to bar a credit reporting agency from doing business there if it is found to engage in "unfair, deceptive or predatory practices," the statement said.
"The Equifax breach was a wakeup call," Cuomo said in the statement, "and with this action, New York is raising the bar for consumer protections that we hope will be replicated across the nation."
Proposed regulations are typically subject to a period when the public may comment on them before they become final.
The Justice Department and the three credit reporting companies did not immediately respond to requests for comment.
A New York state cyber security regulation, the first of its kind in the United States, took effect on March 1. It requires financial firms to take measures to protect networks and customer data from hackers and disclose cyber events to state regulators.
Maine is presently the only U.S. state that requires credit reporting agencies to register, said William Lund, superintendent of the Maine Bureau of Consumer Credit Protection. But its law does not cover cyber security, an issue the bureau will have to consider, Lund said.
Maine, which has been registering credit reporting agencies since the 1990s, has 30 such agencies on its roster, ranging from the largest to those dealing with everything from check approval to tenants' rental histories, he added.
"We wouldn't have known that if registration was not required," Lund said.
An unknown number of people have struggled to use the Equifax website to get promised free credit monitoring or credit freezes put in place.
Adam Levitin, who teaches at Georgetown University's law school, tried several times to freeze his account, an action that would bar thieves from illegally applying for credit in his name. The Equifax website would appear to take several screens worth of data, but would not finish the process.
"I tried again at one in the morning, and it went through," he said. "Equifax has two problems. The first is the data breach, and the second is the customer service problem." (Reporting by Diane Bartz; Additional reporting by Sarah N. Lynch; editing by Bernadette Baum and G Crosse)