Join NexChange - the professional
network for the financial services
industry - and receive a free one-
year subscription to Forbes
U.S. Senator Criticizes Equifax's Response to Massive Data Breach
The shocking data breach last week of Equifax that compromised sensitive information of roughly 143 million Americans – including Social Security numbers and driver’s licenses – has been called “as bad as it gets” by security experts.
The fact that one of three maj0r consumer credit agencies in the United States – with access to so much sensitive information that could cause devastation to millions if stolen – had seen its security measures fail, has been met with outrage and a demand for significant penalties.
Also drawing significant criticism has been the response by Equifax to the data breach. Whether its offering confusing instructions to consumers about what they should do now or asking consumers to submit their credit card info (seriously) for a ‘free’ one-year credit monitoring service that the agency was offering victims of the hack.
Now Senator Brian Shatz (D-Hawaii) has sent a letter to Equifax criticizing the company’s response, noting that the one-year credit monitoring service “is insufficient given the scope of the data breach.
Customers will face the risk of identity theft for years to come. In addition, credit monitoring is far from the best solution for many consumers. It can only detect identity theft and fraud after it has already occurred, while a credit security freeze can prevent identity theft and proactively protect customers’ personal information.
But most importantly, it is unacceptable that Equifax is charging customers to fix Equifax’s own mistakes. If even a fraction of the impacted customers implement security freezes, Equifax stands to make hundreds of millions of dollars from its security failings. Equifax should not only offer complimentary security freezes for its customers, it should also pay for or reimburse credit freezes with the other two major credit reporting agencies, Experian and TransUnion.
Shatz also listed four steps that Equifax needs to take in response to the data breach:
- Pay for or provide reimbursements for security freezes at each of the three major credit reporting agencies, i.e., TransUnion and Experian in addition to Equifax.
- Provide impacted customers with information about the importance of placing security freezes on credit reports in order to prevent identity theft.
- Extend unlimited free credit monitoring services for impacted customers.
- Undertake an independent security audit of Equifax, and its subsidiaries, to ensure the integrity of its data systems.
Shatz has also reintroduced legislation, called the Stop Errors in Credit Use and Reporting (SECURE) Act, along with Senators Elizabeth Warren (D-Mass.), Claire McCaskill (D-Mo.), Richard Blumenthal (D-Conn.), Bernie Sanders (I-Vt.), and Jeff Merkley (D-Ore.). The SECURE Act is meant to make it easier for consumers to catch and identify identify theft, fraud and errors in credit reports.
The bill calls for these industry changes:
- Make credit reports more accurate. Currently, there are no minimum standards for credit reporting agencies (CRA) and data furnishers to accurately match consumers’ names, addresses, or Social Security numbers, often resulting in incorrect information included in a consumer’s credit report. The SECURE Act would direct the Consumer Financial Protection Bureau to establish minimum procedures that a CRA must follow to ensure maximum possible accuracy of consumer reports. When errors are caught, the bill would require CRAs to gather and report information on consumer disputes and resolutions. It would also require CRAs to pass along documentation sent by consumers to data furnishers, making it easier for consumers to correct their credit report.
- Give consumers the information they need. While consumers today are entitled to free credit reports, they can be difficult to interpret. The SECURE Act would ensure that consumers get the information they need to understand their credit reports by enabling consumers to understand how their credit report is being used and by whom. It would also allow them to see the same information that is used by lenders to deny a consumer credit or increase interest rates and would provide consumers with access to meaningful credit scores free of charge annually.
- Protect children from identity theft. Stealing a child’s identity can go undetected for years and inflict significant damage on the child’s credit report. This legislation would enable parents to impose a security freeze on their child’s credit report to protect their child from identity theft and keep their credit reports clean.
- Give regulators better tools for enforcement. CRAs and data furnishers operate in a system with little transparency and accountability. This legislation would create a national registry of CRAs so that consumers know which companies are collecting and disseminating information about them. It would also direct the Government Accountability Office to conduct a study of existing public credit reporting systems and evaluate the feasibility, as well as the costs and benefits, of creating a national credit reporting system in the United States.
- Give consumers legal remedies. The legislation would provide injunctive relief as a remedy for consumers who sue CRAs under the Fair Credit Reporting Act and hold CRAs accountable to the FTC for negligent violations of the FCRA.
You can read Shatz’s full letter to Equifax here.
Photo: Office of Sen. Brian Shatz