Equifax Inc. has reached an agreement with eight states that will require the credit reporting agency to put stronger security measures in place to prevent future data breaches.

About 147.9 million Americans were impacted by Equifax’s 2017 data breach, which was the largest exposure of personal information in history.

While Equifax has taken steps to correct the problems that led to the incident, state regulators say Wednesday’s consent order addresses deficiencies that have persisted. The states involved were Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas.

The order requires Equifax to take a number of steps to shore up weaknesses in its information technology and data security operations over the next year.

Equifax, which is based in Atlanta, said a “good number” of the action items have been completed and that it expects to “meet or exceed” all the commitments made in the order.