Ron Wyden (D-Oregon) have issued a letter to Equifax’s leadership stressing the gravity of the breach, stating that “Equifax is a critical partner of the Internal Revenue Service, Centers for Medicare & Medicaid Services, the Social Security Administration and other federal agencies that are the sources and recipients of some of the most sensitive information affecting individuals, as well as the targets of the vast majority of identity theft fraud against taxpayers.” The senators are demanding that by September 28, 2017, Equifax provide responses to 13 questions set forth in the letter, which request information such as a detailed timeline of the breach, actions Equifax has taken to mitigate and properly respond to the breach, background on Equifax’s information security program, whether Equifax used third-party security experts to test its systems, and whether the company worked to fix any of the issues that were identified in security testing. Senate Finance Committee Chairman Orrin Hatch (R-Utah) and ranking member Sen. House of Representatives – Judiciary, Financial Services, and Energy and Commerce – plan to hold hearings on the breach in the coming weeks. The attorneys general for New York and Massachusetts have launched investigations and suits, and the Consumer Financial Protection Bureau (CFPB), which shares oversight of credit bureaus with the Federal Trade Commission (FTC), is looking into the breach and Equifax’s response. The revelation of the breach has drawn the attention of lawmakers and regulators at both the federal and state level, several of whom have expressed the view that increased federal regulation of the credit reporting industry and other companies that store vast amounts of sensitive personal information may be needed to combat similar incidents in the future. Response from Lawmakers and Potential for Increased Regulation As of Monday, September 11, more than 30 lawsuits have already been filed against Equifax in the United States related to the breach, including at least one accusing the company of securities fraud. After swift public backlash, a company spokesperson clarified that its arbitration clause applied only to the free credit monitoring service, and not the breach itself, meaning that consumers may still sue Equifax over the breach. While Equifax is offering free credit monitoring, it initially required people who enrolled in the service to agree to a mandatory arbitration clause, thereby waiving the right to sue Equifax. Three Equifax executives, including its chief financial officer, collectively sold $1.8 million in company shares days after the company discovered the breach, although the company maintains that the executives were unaware of the breach. Equifax set up a website for consumers to inquire whether their information may have been compromised in the breach and to sign up for a year of free credit monitoring, but consumers trying to access the website have encountered technical difficulties and confusing instructions. Further details about exactly how the breach occurred are still forthcoming, but it has been reported that the attack may have been due to Equifax’s use of an unpatched version of open-source web application software used for creating web applications.Įquifax’s delay in announcing the breach and its actions in the wake of the announcement drew criticism from consumer groups, lawmakers, and regulators. website application vulnerability to gain access to certain files. Equifax has stated that the cyber criminals exploited a U.S. The breach also involved the personal information of people in the United Kingdom and Canada. The credit card numbers of about 209,000 people and credit report dispute documents containing personally identifiable information of about 182,000 people were also stolen. The hackers accessed people’s names, Social Security numbers, birthdates, addresses and, in some instances, driver’s license numbers. According to Equifax, the breach lasted from mid-May through July 2017, and was discovered on July 29. On September 7, Equifax, one of three nationwide credit-reporting agencies that compile and evaluate the financial history of consumers, announced that it suffered a security breach in which sensitive information of approximately 143 million Americans was compromised.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |