House E&C Dems Want More from Equifax

Letter seeking info comes in advance of planned hearing on massive breach

House Energy & Commerce Committee Democrats have joined in a letter to Equifax asking for more info on the breach of 143 million consumer records.

In a letter to Equifax chairman Richard Smith, they ask what the company is doing to prevent a similar breach and want to know why it took the company more than a month to disclose it to the public. Equifax has said it informed the authorities about the breach.

They also point out that some consumers are still having trouble getting information on whether their info was breached.

“We are writing with serious concerns about the immense scale of this data breach, and we have a number of questions about whether Equifax took appropriate steps to safeguard the personal information of consumers,” they wrote. “We also have concerns about the amount of time it took for Equifax to notify the public of the breach and about the way Equifax is providing information to consumers.”

The committee plans a hearing on the breach for Oct. 3, so the Dems are looking for some info in advance of that hearing, including how it decided that offering a year's worth of credit monitoring was sufficient redress for those whose info may have been breached, how much it would cost to extend that "complementary" service past a year, and how else it plans to mitigate consumer harm.

Elsewhere on the Equifax front, a group of Democratic senators are pushing Equifax to end its policy of requiring outside arbitration of complaints and limiting legal redress. "“Forced arbitration provisions in consumer contracts erode Americans’ ability to seek justice in the courts by forcing them into a privatized system that is inherently rigged against consumers and which offers virtually no way to challenge a biased outcome," said the senators, led by Sens. Al Franken (D-Minn.) and Catherine Cortez Masto (D-Nev.).

In addition, in the wake of the breach, Sen. Brian Schatz (D-Hawaii) has introduced the Stop Errors in Credit Use and Reporting (SECURE) Act, which he says would make it easier for consumers to catch identify theft as well as errors in their credit reports.

The data broker revealed Sept. 7 that there had been a "cybersecurity incident" that it said potentially impacted about half the population.

The information involved included "names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers," said the company, adding: "In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed."

The company said it discovered the breach on July 29 and immediately took steps to stop the breach and reported it to law enforcement. It also said there was no evidence that the breach involved its "core consumer or commercial credit reporting databases."

In the wake of the breach, Sen. Mark Warner (D-Va.), co-founder of the Senate Cybersecurity  Caucus, said Congress might need to rethink cybersecurity policies in the wake of a data breach of Equifax, one of the largest data brokers in the U.S.