(Adds US Attorney criminal investigation)
By Diane Bartz and Suzanne Barlyn
WASHINGTON/NEW YORK, Sept 18 (Reuters) - New York Governor Andrew Cuomo said on Monday that he wants credit-reporting firms to comply with the state's cyber-security regulations, the latest government official to crack down on the industry in the wake of the massive Equifax hack.
Also on Monday, Bloomberg News reported that federal authorities have opened a criminal probe into stock sales by three Equifax Inc executives before the company disclosed the massive data breach, news that has weighed heavily on the stock price.
The company has said the executives were unaware of the hack when they sold the stock for $1.8 million.
Equifax's legal woes worsened as the U.S Attorney's office in Atlanta issued a statement saying it was working with the FBI on a criminal investigation into the breach and theft of personal information.
Equifax shares rose 1.5 percent on Monday after losing about a third of their value since the hack was announced. The Equifax breach discovered on July 29 exposed sensitive data like Social Security numbers of up to 143 million people.
Cuomo said he planned to require all credit-reporting agencies to register with the state and comply with its cyber-security rules.
The proposed regulation would take effect in February, Cuomo said in a statement. If the companies do not register, they risk being barred from doing business with financial companies regulated by New York state.
The state would be able to bar credit-reporting agencies, including TransUnion and Experian Plc, as well as Equifax, from doing business in New York if the state found they engaged in "unfair, deceptive or predatory practices," Cuomo said.
"The Equifax breach was a wake-up call," Cuomo said. "And with this action, New York is raising the bar for consumer protections that we hope will be replicated across the nation."
Proposed regulations are typically subject to a period for public comment before they become final.
A New York state cyber-security regulation, the first of its kind in the United States, took effect on March 1. It requires financial firms to take measures to protect networks and customer data from hackers and disclose cyber events to regulators.
Maine is the only U.S. state that requires credit agencies to register, said William Lund, superintendent of the Maine Bureau of Consumer Credit Protection. But its law does not cover cyber security, an issue the bureau will have to consider, Lund said.
Maine, which has been registering credit-reporting agencies since the 1990s, has 30 such agencies on its roster, ranging from the largest to those dealing with everything from check approval to tenants' rental histories, he added.