Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Consumer Protection Official Puts Equifax Probe on Ice (reuters.com)

Posted by msmash on from the what-in-the-world dept.

From a report on Reuters: Mick Mulvaney, head of the Consumer Financial Protection Bureau, has pulled back from a full-scale probe of how Equifax failed to protect the personal data of millions of consumers, according to people familiar with the matter. Equifax said in September that hackers stole personal data it had collected on some 143 million Americans. Richard Cordray, then the CFPB director, authorized an investigation that month, said former officials familiar with the probe. But Cordray resigned in November and was replaced by Mulvaney, President Donald Trump's budget chief. The CFPB effort against Equifax has sputtered since then, said several government and industry sources, raising questions about how Mulvaney will police a data-warehousing industry that has enormous sway over how much consumers pay to borrow money. The CFPB has the tools to examine a data breach like Equifax, said John Czwartacki, a spokesman, but the agency is not permitted to acknowledge an open investigation. "The bureau has the desire, expertise, and know-how in-house to vigorously pursue hypothetical matters such as these," he said.

33 of 145 comments (clear)

  1. Not surprising by smooth+wombat · · Score: 5, Insightful

    The con artist administration doesn't want to upset private industry by holding them accountable for their actions (or inactions in this case). Wells Fargo is simply a feel-good tactic.

    After all, if he won't take responsibility for all his failed businesses, because as he'll tell you none of those were his fault, why should other businesses have to be held liable?

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    1. Re:Not surprising by bluefoxlucid · · Score: 5, Insightful

      My strategy for identity theft includes legislation requiring the CFPB to follow NIST guidelines on current security technology and implement regulations requiring consumer-ready, current technical countermeasures to prevent identity theft. Regulations are faster to change than legislation (hence the weak language), and the industry doesn't just undo all that overnight (so it has some staying power even with a rogue President).

      The current tech for this is FIDO U2F with RSA and ECC. A device holding 1,000 identities costs $18. You walk in a bank, show your hard ID (e.g. passport, driver's ID), and the bank lets you plug in and associate the physical device with yourself with Equifax, TransUnion, and Experian. After that, opening any new credit account requires having that physical device; and if you lose it, you can call the bank to cancel the association but leave the requirement of verification enabled.

      Banks need a strong physical presence verification process to open credit accounts. You can open a credit account without being at a bank by knowing what car someone drove 10 years ago; that's no good.

      We can do more things to reduce attack surface in the case where the banks are bad actors by way of not doing appropriate verification, such as requiring the bank to be your bank--a branch you physically visited within the past few months, or designated from another branch. Largely, however, we need to remove all the attacks possible from many positions (many points of failure, non-redundant) and consolidate them to a physical bank branch, which we can better-control with stronger regulations on verifying identity (single point of failure, stronger).

      Going after Equifax is important: they concealed this breach, took advantage of their knowledge, and otherwise acted with bad faith. In the broad scope, however, it's only important for procedural reasons: fines and threats of action when breaches happen won't stop identity theft; you have to bring pressure for not having the correct countermeasures in place before breaches happen.

      --
      Support my political activism on Patreon.
    2. Re:Not surprising by orgelspieler · · Score: 4, Insightful

      I'm pretty sure once Yellen leaves, they will completely (and quietly) undo the Wells Fargo thing. And there will be a new Twitter spasm by the orange rage machine that everybody will be talking about instead.

    3. Re:Not surprising by idontgno · · Score: 2

      /epiphany

      We've elected Zaphod Beeblebrox. FML.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
  2. Dereliction of duty? by charliemerritt03 · · Score: 5, Insightful

    Federal consumer protection against predatory PayDay loans was "relaxed" also. Gotta save Equifax? How much did they contribute?

  3. Big news! by GrahamJ · · Score: 4, Funny

    News Flash: Trump’s picks don’t do their jobs.

    In other news: The sky is blue.

    1. Re:Big news! by brickhouse98 · · Score: 4, Interesting

      He's at least consistent. Hasn't he appointed someone who has the express goal of destroying whatever they are heading? EPA, education, etc.

    2. Re:Big news! by Rick+Schumann · · Score: 3, Insightful

      Oh, they're doing their 'job', just not the one everyone thinks they're doing. The 'job' in this case is to prop up shitty incompetent companies like Equifax, so they continue to make money unabated, and fuck the average person, they don't matter. So long as the rich get richer, they say 'mission accomplished'.

    3. Re:Big news! by Dragonslicer · · Score: 4, Funny

      Yeah, Obama should have sent the guns to Nicaragua instead and just given Iran a huge pile of money, like a True American President would have done.

    4. Re:Big news! by GameboyRMH · · Score: 2

      Yep, a fox in every henhouse is his strategy. If a fox is unavailable for any given henhouse, then a loyalist crony is better than some rando (see: HUD, ambassadors), or god forbid, a qualified expert who isn't a frothing partisan.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  4. New dept name: US Protection Against the Consumer by JoeyRox · · Score: 5, Funny

    Those pesky consumers have been running roughshod over our sacred corporations for too long.

  5. Regulatory Capture by sasparillascott · · Score: 5, Insightful

    This is when someone from the industry or similar industry being regulated gets someone who was their former employee to head the agency that is charged with regulation or in this case protecting consumers from these industries put in as head of the regulating agency to effectively prevent it from acting on behalf of the citizens of the U.S..

    This condition is pretty new (at least on the widespread scale it is). In 1970, lobbyists who didn't work for companies and were policy or foreign policy specialists numbered around 100. By 1990 that number was more than 10,000 and nearly all worked directly for companies. Effectively the U.S. government has been taken over by corporate interests in that time (its far more blatant like here with Mr. Mulvaney with the Republicans who have no shame in it being public). Not sure how we get out of it either, seems self reinforcing.

  6. Trump - Constant Liar, Treason, Obstruction of J. by Anonymous Coward · · Score: 5, Insightful

    I'll believe 3 unnamed sources in a credible news paper before I believe Donald Trump, who tells such obvious lies that he actually thought he could tells us there were more people in the configurations than we saw in photographs of the events.

    But maybe you'd like to enroll in Trump University, where he lied to students in order to con them out of $25k, swiped onto their credit cards if necessary.

    Rube.

  7. How ot works in Belgium by houghi · · Score: 5, Interesting

    In Belgium we haver the National Bank (BNB) who hold all information of all credits. I am just goig to talk about personal credits, not proffesional credits as I do not have enough knowledge about that.

    If you go to a bank or credit company or car dealer ship or store and want to open a credit or loan, there will be some things that they will need to verify:
    1) Are you of legal age
    2) Do you live in Belgium officially
    3) Are you on the BNB blacklist
    4) Will you be able to pay back.

    So the first time you go, there will be nothing on the BNB and if your income - your cost of living (rent , clothing and food) leaves sufficient room for a credit or loan, you get one.
    e.g you make 1000EUR. Rent is 500 and cost of living is 500, no loan. You make 1250, you could get a loan up to 250EUR per month in payback.
    Say you take one of 100EUR. the next one will be a max of 150EUR.
    Yes, cheating is possible. It is called fraud, so nothing to do with any of this.
    If the customer is unable to pay (this includes going in red for more than 3 montths with your bank account) you will be on the black list for 1 year starting from the moment you have paid back the amount you are behind, regardless if you have enough. That means no loan, no new car, no house you can buy.

    Every company that gives loand has to check this. If you give a loan to a person on the blacklist, he does not have to pay it back. you can ask nicely, but if there is a loss, it will be 100% on the company. If you give a loan of somebody who clearly could not pay it back, you will be 100% resposible if they don't. (Fraud is something different)

    Every bank does this. That mean that every bank must be able to see the needed (not wanted) information. So what does e bank see?
    1) The number of kredits
    2) Type (e.g credit, loan, ...)
    3) The monthly payment if the total amount is used
    4) The total amount
    5) Blacklisting due to late mpayments more than 3 months.

    What do they NOT see?
    1) The name of the other companies
    2) Late payments less than 3 months.

    Each person has the possibilaty to ask the information and they will get the names of the company.

    This obviously works over secure Internet. So even IF people would get the database, the things you can do with it are pretty limited. As a company we already have access. If you are not a compamy who does loand, you are unable to do anything with it.

    --
    Don't fight for your country, if your country does not fight for you.
    1. Re:How ot works in Belgium by houghi · · Score: 5, Informative

      In Belgium you need to be a loan company to get access. That means not just saying that you are one, you need to prove that you are one and then you need to fullfill several tests.

      That is the reason that the majority of the chains who sell something on credit do not do the credit part themselves. That is outsourced to a credit company. This because they are unable (not unwilling) to fullfill all the requirements.

      And it does not matter what they cvlaim. They need to follow the law and the law is pretty clear in that saying that there is a difference in late payment and a loan.

      The gathering of information in Europe is also limited as well as what you can do with it, by law. Yes, some will do illegal stuff. Just because murder is illegal does not mean nobody does it. Laws are because of accountability, not prevention.

      --
      Don't fight for your country, if your country does not fight for you.
  8. Re:Excellent. by Alain+Williams · · Score: 2

    Please can I have the moderation option: +1 irony.

  9. I totally agree! by Anonymous Coward · · Score: 5, Funny

    "Firstly, there seems to be a lot of deep-state resistance to Trump's agenda. "

    We also need to consider the extraterrestrial element. However, that is being nullified by the Catholic Church's influence who the aliens are aligned with politically.

    We'll never know if the Satanists come in and muck up the works but my bets are on the Girl Scouts of America getting involved at some point.

     

  10. Re:CFPB? by Anonymous Coward · · Score: 4, Insightful

    The CFPB is about protecting the consumer from abuse from the financial sector. This is well within their scope.

    And if they don't anything no other entity in the government will do anything. The credit bureaus and every other firm that collects consumer data needs to be regulated severely because as we have seen time and time again, business is incapable of operating responsibly. And when caught, there is hardly any recourse for the consumer and when there is, it is so watered down as to be pointless - mandatory binding arbitration is a perfect example. The consumer will never get a fair shake.

  11. Re:Yes and no by whoever57 · · Score: 4, Insightful

    The real solution would be to make these institutions financially liable for the effects of false information in their files.

    Can't get a mortgage because of an error in their files? You should be able to sue Equifax for your loss.

    Can't get a job because a hacker used your details to obtain loans fraudulently: sue Equifax.

    If we are going to reduce regulations, let's eliminate the laws that protect these companies from being sued.

    --
    The real "Libtards" are the Libertarians!
  12. Pathological liars by sjbe · · Score: 5, Insightful

    You would not believe Trump if he told you the sky was blue.

    I don't have to believe Trump about that. Fortunately a lot of what he lies about I don't have to believe because I can check to see if it is true. What's astonishing is how many lies he tells that are easily and transparently shown to be false. Even about things where there is no benefit to him lying beyond stroking his own ego. But worryingly he does it about things that matter too. So no, when someone is a pathological liar I tend to reflexively not believe them until I see evidence supporting what they say.

    The problem with people who judge President Trump so harshly on such inane things...

    Spare me. The man is in a position of immense power and what he says matters whether we like it or not. He tells little lies and big lies but the point is that he cannot be trusted.

    At some point you stop convincing people that he is bad when they realize you are just petty.

    If you haven't figured out by now that Trump is a horrible human being and a terrible president then you never were going to be convinced in the first place and will support him no matter how reprehensibly he behaves.

    1. Re:Pathological liars by Rob+Y. · · Score: 5, Insightful

      Not true. I'd be the first to agree with Trump if he said something obviously true (like "Donald J. Trump is a big fat liar"). I didn't believe him at first when he said "I could shoot someone in the middle of 5th avenue and get away with it", but I think maybe I do now...

      Seriously, during the campaign, I agreed with some of his analysis of the state of blue collar manufacturing in this country. Of course, he was so sketchy in presenting solutions - if he presented them at all - that agreeing with him on those points was no reason to support him. He has no substance whatsoever and didn't even attempt to present substantial policy platforms - or didn't you notice when he finally realized "Health care is complicated" after running around the country calling Obamacare a disaster that he would quickly and easily replace with something much better... Pure con man. There is nothing more to him.

      --
      Posted from my Android phone. Oh, I can change this? There, that's better...
    2. Re:Pathological liars by Rakarra · · Score: 2

      You miss the point. If President Trump said the sky was blue, you would dispute that with him. You would come up with SOME reason for it to be untrue.

      No, you put words in his mouth. YOU are saying that, not him.
      His point was that President Trump making a statement is not any reason to believe that statement is true. He has lied enough that he can't be trusted on anything, so you have to look elsewhere for the truth.

      If he thought the crowd size was one thing, and was incorrect - that is not necessarily a lie. People can be wrong and still be sure they are right.

      Yes, but when the easily-checked sources say one thing, and you just want to believe (and claim) another thing, at that point it becomes a lie, not just misinformed.

  13. No conspiracy, just no competence, no self-control by Roger+W+Moore · · Score: 3, Insightful

    So if someone doesn't do their job, when is it good and when is it bad?

    If they do not do their job it is generally bad unless they give a reason for not doing their job. In this case it is particularly bad because there was no reason given and because failure to secure data like this is far more important than whether a company gets fined or not: it risks undermining a fundamental financial service on which many others rely. This is no doubt why other arms of the US government offered to help: they understand how important it is that there is some degree of confidence both from consumers and other financial companies in the credit check service.

    Secondly, the president is responsible for what happens, but not at fault for what happens in the administration.

    Correct, and if he reverses this decision explaining that it is vitally important that major breaches like this are fully investigated in order to maintain confidence in an essential financial service then he would be doing his job. However, if he lets this stand then he is at much at fault as those making the decision because he is agreeing with it.

    you don't have to agree with everything the president stands for

    Indeed you do not. However, you are allowed to demand that your political leaders clearly explain their aims and policies and competently carry them out. I see close to zero evidence of either from Mr Trump. Fortunately, he is not my president but even the few things he does where I might agree with his actions (his aims never seem to be clear and often appear to shift on a whim) are carried out in such a hamfisted, incompetent manner that almost seemed designed to antagonize as many people as possible. This is why he faces so much opposition and never seems to get things done where a more competent person with some degree of self-control would avoid the cheap shots and the unfiltered stream of thoughts so that the job actually gets done. It is not some bizarre conspiracy resisting his rule it is just all the people he managed to tick off unnecessarily.

  14. Re:Trump - Constant Liar, Treason, Obstruction of by aquacrayfish · · Score: 5, Insightful

    The problem with people who judge President Trump so harshly on such inane things is that eventually people have had enough of you.

    This in response to a comment on a settled cause of consumer fraud where vulnerable people had their pockets emptied because of Trump. You call *THAT* inane and then act like you're on a high horse. Go troll elsewhere please.

  15. Re: Yes and no by sound+vision · · Score: 3, Insightful

    That goes against the part of the Republican platform of making it difficult to sue. It would create a loophole in the grand plan. Even if they do decide to go schizo on that particular piece of it, getting more lawyers involved has never made anything happen efficiently. Litigation needs to be the final resort when regulations have failed to prevent laws from being broken.

  16. Mulvaney took $5K from Equifax's PAC by robkill · · Score: 5, Informative

    Not surprisingly, Mulvaney has been taking money from Equifax, Experian, and other entities the CPFB has been investigating, and has delayed, or ended investigations against them.

    https://www.commondreams.org/n...

    Then again what else do you expect when the appointed leader of a government organization believes that organization shouldn't exist. (e.g. Rick Perry, Ryan Zinke, Scott Pruitt etc.) Dismantling of government oversight, de facto bribery (not de jure only due to only ridiculously strict interpretations of the bribery law, explicit quid pro quo situations being prosecuted, and seldom even then.)

    --
    DMCA - Chilling free speech since 1998.
  17. Easy answer by fahrbot-bot · · Score: 5, Insightful

    ... raising questions about how Mulvaney will police a data-warehousing industry ...

    He won't. He was appointed to undermine the Consumer Financial Protection Bureau.

    From Mick Mulvaney to Run Consumer Watchdog Agency He Hates and others:

    As a congressman, Mulvaney called the CFPB a “sick, sad joke.”

    --
    It must have been something you assimilated. . . .
  18. Re:Yes and no by squiggleslash · · Score: 2

    To be clear, states elected that administration, not people. People, FWIW, didn't want any of the candidates, but favored Trump's opponent by about three million.

    --
    You are not alone. This is not normal. None of this is normal.
  19. Re:Unnamed Sources by orgelspieler · · Score: 5, Informative

    It's funny, back in 2016 Fox News was more than happy spouting conspiracy theories about Hillary's health citing unnamed sources. Back in 2011, none other than Donald Trump cited unnamed sources that there was conclusive evidence that Barack Obama was not born in Hawaii. It's funny how naming sources only seems to matter when the story disturbs your worldview.

    You choose to dismiss anti-Trump stories. Nothing "made" you do it. Please accept that you have completely shut down the thinking part of your brain and are relying on your amygdala to think for you. Sad!

    I love the irony of your last line. It's hard to have trust in the right-wing media, because they have spent about 20 years shitting all over the facts and telling us it's truth compost. It's getting to the point where fact-checkers don't even bother anymore.

  20. Re:Corporate death penalty by slew · · Score: 2

    FWIW, I think that just like "human death penalty" doesn't have and deterrence value, similarly, the "corporate death penalty" is the same. People (and corporations) simply don't factor in that as part of their cost analysis before committing the crime.

    It's good political theater to talk about "death penalties", for punitive or retribution value, but as an actual deterrent, I think "death penalties" are of very little value. Basically you get a bunch of rank-and-file folks losing their jobs and a bunch of commercial real-estate investors lose money, along with some mom-and-pops (e.g., local vendors, local restaurants, etc). The collateral damage is pretty high...

    On the other hand, I can certainly get on board with some sort of asset forfeiture program, where the company is basically put up for auction and sold to the highest bidder under the condition that none of the executives can be part of the future path of the company.

  21. Re:Trump - Constant Liar, Treason, Obstruction of by Narcocide · · Score: 4, Insightful

    It's not really the rubes that scare me. It's the ones that pretend to believe him even though they don't - those guys scare me.

  22. Re:Trump - Constant Liar, Treason, Obstruction of by HiThere · · Score: 4, Insightful

    My default assumption these days is that if Trump says something, it's a lie. If I can check, and feel like bothering, I'll occasionally find I was wrong. But not usually.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  23. Re:Trump - Constant Liar, Treason, Obstruction of by alexo · · Score: 3, Insightful

    My default assumption these days is that if Trump says something, it's a lie.

    One day he'll admit to it, and your mind will explode.