Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two Lawmakers Urge FTC, CFPB To Keep Pressure On Equifax (techcrunch.com)

Posted by BeauHD on from the can't-say-that-I'm-surprised dept.

An anonymous reader quotes a report from TechCrunch about the little fallout Equifax has faced for one of the worst data breaches in U.S. history: The credit rating giant, one of the largest in the world, was trusted with some of the most sensitive data used by banks and financiers to determine who can be lent money. But the company failed to patch a web server it knew was vulnerable for months, which let hackers crash the servers and steal data on 147 million consumers. Names, addresses, Social Security numbers and more -- and millions more driver license and credit card numbers were stolen in the breach. Millions of British and Canadian nationals were also affected, sparking a global response to the breach. Yet, a year on from following the devastating hack that left the company reeling from a breach of almost every American adult, the company has faced little to no action or repercussions.

"There was a failure of the company, but also of lawmakers," said Mark Warner, a Democratic senator, in a call with TechCrunch. Warner, who serves Virginia, was one of the first lawmakers to file new legislation after the breach. Alongside his Democratic colleague, Sen. Elizabeth Warren, the two senators said their bill, if passed, would hold credit agencies accountable for data breaches. "With Equifax, they knew for months before they reported, so at what point is that violating securities laws by not having that notice?," said Warner. "The message sent to the market is 'if you can endure some media blowback, you can get through this without serious long-term ramifications', and that's totally unacceptable," he said. Earlier this year, the company asked a federal judge to reject claims from dozens of banks and credit unions for costs taken to prevent fraud following the data breach. The claims, if accepted, could force Equifax to shell out tens of millions of dollars -- perhaps more. The hundreds of class action suits filed to date have yet to hit the courts, but historically even the largest class action cases have resulted in single dollar amounts for the individuals affected. And when the credit agent giant isn't fighting the courts, federal regulators have shown little interest in pursuit of legal action. Sen. Elizabeth Warren wrote a letter Thursday to the heads of the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) complaining about their lack of action. "Companies like Equifax do not ask the American people before they collect their most sensitive information," said Warren. "This information can determine their ability to access credit, obtain a job, secure a home loan, purchase a car, and make dozens of other transactions that are critical to their personal financial security. The American people deserve an update on your investigations."

"[O]nly the Securities and Exchange Commission has brought charges -- not for the breach itself, but against three former staffers for allegedly insider trading," TechCrunch points out.

48 comments

  1. Russians; Or, Equi-Fax? by msnash · · Score: -1

    Just like Mueller will get TRUMP, justice will be served to Equi-Fax.

    I am humbly counting down the days.

    1. Re: Russians; Or, Equi-Fax? by Anonymous Coward · · Score: 0

      Humility is rare. I applaud you!

  2. Don't like them? Don't use them by Anonymous Coward · · Score: -1

    Don't like the way the companies behave? Then vote with your wallet. That's how a free market works.

    There's no need for government regulation here. If a company continues to leak information, people will stop using them. Simple and effective, without the need for burdensome laws or regulation.

    1. Re:Don't like them? Don't use them by Anonymous Coward · · Score: 1

      Agreed. I stopped using Equifax years ago and haven't missed them since.

    2. Re:Don't like them? Don't use them by volodymyrbiryuk · · Score: 4, Insightful

      You don't get it, dou you? The average Joe is not a customer of Equifax, he/she is the product. The credit companies are the customers and they couldn't care less about the data breach as it doesn't affect them. You can't just "stop using" them as they colect/buy information without consent.

      --
      sudo rm -r -f --no-preserve-root /
    3. Re:Don't like them? Don't use them by Anonymous Coward · · Score: 1

      I don't think you know how Equifax works, or who it's main customers are. One does not need to have ever used Equifax in order to have their data leaked.

    4. Re:Don't like them? Don't use them by Anonymous Coward · · Score: -1

      found the libtard. all you liberal losers have are personal attacks. in a free market the invisible hand always picks the best result. this has been proven endlessly and yet you all constant to want big fat government and high taxes to do the thinking for you! equifax did NOTHING wrong and it is about for time you stopped attacking the free market because someone you dont like is succeeding hugely by cutting useless regulation and anti-capitalist hate.

    5. Re:Don't like them? Don't use them by Anonymous Coward · · Score: 0

      You aren't who you are pretending to be. You don't believe a word of what you typed.

      You are just trying to make conservatives look like idiots by pretending to be one of them and advocating some stupid that is vaguely similuar to, but not actually, what they advocate.

    6. Re:Don't like them? Don't use them by sjames · · Score: 1

      Occam's razor suggests otherwise.

    7. Re:Don't like them? Don't use them by Anonymous Coward · · Score: 0

      Only when it reinforces your biases.

    8. Re: Don't like them? Don't use them by Anonymous Coward · · Score: 0

      a person should sue the bank for libel if the bank errantly claims that a person borrowed some money. I don't feel like I want to clean up failed transactions between a bank and a criminal that was errantly done in my name - not my responsibility - i'm too tired for their nonsense

    9. Re: Don't like them? Don't use them by Anonymous Coward · · Score: 0

      But if it enforces yours....

    10. Re:Don't like them? Don't use them by Rick+Schumann · · Score: 1

      Yep, we're just a bunch of worthless plebians, who gives a flying fuck if our worthless little lives are ruined? The Rich, and D.C. politicians, guaranteed, are 'protected', so why should they give a fuck?

    11. Re:Don't like them? Don't use them by Anonymous Coward · · Score: 0

      True, but if everyone locked their Equifax credit report and refused to ever unlock it (as well as boycotting any potential creditor that tried to require you to unlock Equifax) they would go out of business. That would teach these companies that there are consequences to their actions.

    12. Re:Don't like them? Don't use them by Anonymous Coward · · Score: 0

      Freeze your credit report and then they can't [legally] sell your info. If enough people do that, it will hurt them in the only place they care about, the balance sheet.

  3. "keep the pressure on"? by Anonymous Coward · · Score: 1

    I don't see any evidence of pressure on these guys, n'mind keeping it on.

  4. no fallout? by Anonymous Coward · · Score: 2, Informative

    Uh-huh.

    Equifax is already facing the largest class-action lawsuit in US history
    https://bgr.com/2017/09/08/equifax-hack-lawsuit-class-action-how-to-join/

    Equifax's Massive Data Breach Has Cost the Company $4 Billion So Far
    http://time.com/money/4936732/equifaxs-massive-data-breach-has-cost-the-company-4-billion-so-far/

    How to Get In on a Class-Action Lawsuit Against Equifax
    https://www.kiplinger.com/article/credit/T017-C000-S002-get-in-on-a-class-action-lawsuit-against-equifax.html

    I won $8,000 from Equifax in Small Claims Court. Here’s how you can, too.
    https://blog.legalist.com/i-won-8-000-from-equifax-in-small-claims-court-heres-how-you-can-too-f0ce6925c079?gi=f38cd2b5686f

    Equifax will not survive fallout from massive breach, says technology attorney
    https://www.cnbc.com/2017/09/14/equifax-will-not-survive-fallout-from-massive-breach-says-technology-attorney.html

    There are 23 class-action lawsuits filed and a congressional investigation, as well as lawsuits that may be yet to come, Grossman said.

    Sure, there's been little fallout.

    1. Re:no fallout? by sjames · · Score: 2

      And yet, Equifax steams on.

    2. Re:no fallout? by Anonymous Coward · · Score: 0

      yeah, so?

    3. Re: no fallout? by Anonymous Coward · · Score: 0

      Do you see the dates on those articles you posted? It's been a year damn near. Crickets.

    4. Re:no fallout? by sjames · · Score: 1

      In other words, I'll believe it when I see it. Remember all those people in banking who were in so much 'deep trouble' after they busted the whole world's economy? Other than a few in Iceland, they're doing just fine today, and richer than ever.

    5. Re: no fallout? by Anonymous Coward · · Score: 0

      I'm not sure you aware of this, but the legal process is sloooooooooooww, particularly when you have multiple class action lawsuits plus potentially thousands of small claims all being filed at roughly the same time.

    6. Re:no fallout? by Anonymous Coward · · Score: 0

      The impact of Equifax's breach has so far been theoretical. It's been over a year and there hasn't been reports of mass identity theft or any such criminal activity that can be directly linked to the breach. It's just one of unfortunate things that has been blown all out of proportion by a hysterical media.

    7. Re:no fallout? by sjames · · Score: 1

      That just means it's hard to know if any particular incident is linked to a particular data breech.

  5. Really? How?? by Anonymous Coward · · Score: 2, Informative

    I got news for you guys, you ARE using them and there's not a goddamn thing you can do about it.

    We are NOT the customers. The banks, credit card companies and everyone else who reports our credit and check people's credit are the customers and they pay Equifax and the other credit reporting companies.

    And that what sucks. And as far as the CFPB is concerned, the Trump Administration and the Republicans in Congress neutered it. The most wonderful thing our government has done in 80 years.

    We need regulations because the free market is incapable of regulating itself.

    1. Re:Really? How?? by Anonymous Coward · · Score: -1

      You don't use banks or credit card companies that use them. Simple enough. Refuse to do business with the companies that do business with them. That's how the free market works.

    2. Re:Really? How?? by PPH · · Score: 1

      I suppose you could put a credit freeze on your records through Equifax. But leave them available through Experian and TransUnion. If your bank or landlord uses Equifax, they'd just turn you down for credit or a lease. But then that rejection would go on your record and be available through the other agencies. Pretty soon your credit score would go in the shitter and you'd have to pay cash for everything.

      --
      Have gnu, will travel.
    3. Re:Really? How?? by Rick+Zeman · · Score: 1

      If they encounter a freeze, lenders don't automatically reject you. Plus, you can unfreeze for a window when you know when you're going to be applying.
      A little research would let you (at least have the illusion of...) take control of your life.

    4. Re:Really? How?? by PPH · · Score: 1

      Plus, you can unfreeze for a window

      The idea is to block Equifax at all times. To encourage lenders to use the alternate services.

      --
      Have gnu, will travel.
    5. Re:Really? How?? by sjames · · Score: 1

      So that leaves a 'choice' of zero banks and zero credit cards.

      That's how market failure works.

    6. Re:Really? How?? by Anonymous Coward · · Score: 1

      The CFPB was created in the wake of the 2008 financial crisis. It was defanged right from the start and the Obama administration did nothing to push it along. In case you've forgotten, the Obama presidency actively prevented the prosecution of the massive mortgage fraud that led up to the financial crisis. William Black (one of the key regulators in the Savings and Loan Crisis that resulted in thousands of executives being sent to prison) offered to work for free to help prosecute the criminals but no one took him up on his offer.

      So stop blaming Trump for everything. The U.S. hasn't had good leadership in the presidency since Eisenhower or Kennedy.

    7. Re: Really? How?? by CoolDiscoRex · · Score: 1
      Except that it doesn't work.

      Companies have gone on records as stating that they would gladly give up the top 10% of their most "demanding" customers. We've even seen some companies, like Sprint, dump customers for calling the service lines X% of average.

      You see, in reality, the minority is forced to accept what the majority will tolerate. If you were to break out a curve, and plot it out, you'd see that the free market favors the unexceptional and mediocre, and thus can be quite frustrating to those who wish things were better.

      For instance:

      If you accept that "critical" or "abstract" thinking, at least in a consistent sense, begins at an IQ of 110-115, you then realize that roughly 20% of Americans fall below this threshold. A super-majority people are under this, and with certanly some exceptions, the super majority tends not to care about things like Terms of Service, Privacy Policies, etc.

      But hey, if you posess an IQ greater than 115, and care about policies and foot voting, all is not lost. All you need to do is patronize companies that care about your concerns and all will be ... wait ... what's this ... there are no companies which cater to the Top 20% anymore? They all gear their policies to what the lower 80% will accept?

      Oh well, that's the free market. If you don't like it, you could always try eating lead paint. If you eat enough of it, you too may not care about silly things like Arbitration Clauses and lack of privacy. It would be for the best. After all, the free market doesn't really want you.

      It's kind of like Democracy itself. Democracy is a terrible form of government. It's idiot-rule. It's a system where people with IQs of 80-90, have the same weight as those with IQs of 130-140. And do you know how those with lower IQ's learn? Repetition. That's why you see all of those commercials and billboards at election time. Screw the susbtance, a picture, a name, and maybe a simple slogan like "working for American values" is really all that's needed. The super-majority will ignore the rest.

      And you will have to accept their decision.

      The "free market" as it exists in the USA is leading to America's decline on a global scale, as companies consistently meet the meager expectations of the masses, while those who hope for more can "vote with their feet", which essentially means "quit your job, patronize no companies, and live in a tent in the woods" ... because really, when it comes to foot voting, there are fewer and fewer places for those feet to take you.

      Since those with average-and-lower IQs more or less set the standard for what the public is forced to accept, I think we'll see increasing discontent amongst the other 20% as time goes on.

      Whether they can or will do something about it is another story, but if there's any hope at all, lawmakers tend to be culled from the Top 20% pool. Also amongst the top 20% are a few percentage points of people who are smart, but make a living exploiting the existing system.

      At the end of the day, corruption tends to be the deciding factor, though, so the bright will be at the mercy of the less bright for the foreseable future.

      I'm glad it works for you, though. Enjoy.

  6. CFPB by Anonymous Coward · · Score: -1, Flamebait

    Warren helped create the CFPB under the last administration, and made it such that it did not have to answer to Congress.

    She is a raging hypocrite now that her party is out of power.

    1. Re:CFPB by Anonymous Coward · · Score: 1

      She is a raging hypocrite

      You should have stopped typing right there. No further qualifiers are necessary. (nor would they improve the accuracy)

  7. Two Democrats, you mean by drinkypoo · · Score: 0

    ...or in other words, nobody with any power right now.

    Maybe after the next election we can care what Democrats do, but right now it's irrelevant. And yes, that is a failure of our government, but it's still true.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:Two Democrats, you mean by _Sharp'r_ · · Score: 0

      It is amazing this article and summary spends so much time talking about what two Democrats said, as opposed to what's happened and what the Republicans have done, which is more than Warner or Warren ever did. It's almost like to Techcrunch, Republicans don't exist except as targets to attack.

      Funny how this very topically relevant information didn't make the "article", but the current Congress passed and Trump signed a bill taking effect 9/21 which according to the FTC includes provides for:

      Free credit freezes
      What is it? A credit freeze restricts access to your credit file, making it harder for identity thieves to open new accounts in your name. Usually you get a PIN to use each time you want to freeze and unfreeze your account to apply for new credit.
      What’s new? Currently, credit freezes may involve fees, based on state law. Starting this fall, it will be free to freeze and unfreeze your credit file throughout the country.

      Free child credit freezes
      What is it? A child credit freeze allows you to freeze a child’s credit file until the child is old enough to use credit.
      What’s new? Currently, some state laws allow you to freeze a child’s credit file. Starting September 21st, no matter where you live, you’ll be able to get a free credit freeze for children under age 16.

      Year-long fraud alerts
      What is it? A fraud alert will tell any business that runs your credit that they should check with you before opening a new account.
      What’s new? Currently, fraud alerts last 90 days. Starting this fall, an initial fraud alert will last for one year. It will still be free and identity theft victims can still get an extended fraud alert for seven years.

      The article makes much about a letter Warren sent, but doesn't mention what the committee Chair, Hatch sent:

      Provide the Committee a detailed timeline of the breach, including when it began, its discovery, the investigation of its scope and source, notification of authorities, efforts to notify customers and consumers, notification to the Equifax board of directors, and notification of Equifax senior executives – including, but not limited to, John Gamble Jr., Rodolfo Ploder, and Joseph Loughran.

      Please describe Equifax’s efforts to identify the scope of affected consumers and breadth of information compromised.

      What steps has Equifax taken to identify and limit potential consumer harm associated with this breach?

      Does Equifax plan to provide notice to each affected consumer, or will it rely on the consumer-initiated checks found at “equifaxsecurity2017.com” to inform them?

      Your firm set up a website, “equifaxsecurity2017.com,” in the wake of this announcement.

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    2. Re:Two Democrats, you mean by drinkypoo · · Score: 2

      It is amazing this article and summary spends so much time talking about what two Democrats said, as opposed to what's happened and what the Republicans have done,

      ...which is fuck-all. The Equifax credit freeze website doesn't work. It just sits and spins forever, like we're expected to do.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Two Democrats, you mean by Anonymous Coward · · Score: 0

      Fraud alerts are a horse and pony show. Lifelock and it's ilk are useless, may as well burn your money rather than pay for that service...

  8. all democrat party are on equifax side by Anonymous Coward · · Score: 0

    This is why you should forever not vote democrat. equifax break was funded and caused by clinton and soros to undermine amazing trump. no doubt.

  9. Don't use them - YOU ARE NOT EQUIFAX'S CUSTOMER! by FeelGood314 · · Score: 1

    You are the product. (Just like you are facebook and google's product). You are however your credit card companies customer. If there was pressure put on the credit companies not to share information with an insecure entity like Equifax then Equifax would either put some effort into security or go bankrupt. Equifax has to have a near complete picture of everyone's credit score to remain in business. If even a few creditors stopped sharing information with them they would be in big trouble.

    So if you want to punish Equifax, somehow convince your bank or credit card company not to share their credit information with them. Not sure you will have any luck, but it's probably your best approach.

  10. Moral Hazzard by FeelGood314 · · Score: 3, Interesting

    I see this all the time in security. The company responsible for the security isn't the one hurt by a security breach so they put almost no effort into security. Banks in the UK used to be the worst example of this. Internal fraud was so bad they would resist any controls so that they could deny it was their fault. Small toy companies and companies printing tickets had the best security. (Military security is in just incompetent by inertia)

    What we need are regulations that shift the cost of security breaches onto the entities best able to prevent them. We also need to make stored data toxic so that most companies won't even keep your information.

    1. Re:Moral Hazzard by Anonymous Coward · · Score: 0

      Correct. Currently the data is worth something, companies don't put anything into producing it, and they still have it after theft. No great loss for them.

      The problem started when financial institutions were allowed to share their data. Big data formed when companies started to store and sort for the sake of security. Over time it became big business to sell it and became tied to marketing companies. Stop the financial data sale especially to marketing groups and the industry will start to stabilize. Force reporting and quadruple fines for non-reported financial breaches and security would become a norm.

      The industry still hasn't admitted it has a problem so it may be some time for them to change.

  11. crisis abused to further bureaucracy by Anonymous Coward · · Score: -1

    Unfortunately, the CFPB promotion by Elizabeth Warren is a highly partisan exercise, aimed at growing the CFPB and it's purview. They already spend like $600M a year and have no performance metric. They just get in and interfere with banking driving prices UP!

    This is more Dodd-Frank bu115hit aimed at helping large banks and decimating small ones.

    And by having the federal trade commission involved this only LEGITIMIZES Equifax misdeeds!

    The investigation (and hopefully the shutdown!) of Equifax belongs to the SEC or other real regulatory groups.

    Investigate Fair Isaac, FICO should NOT be a publicly traded entity, but rather out to be a non-profit clearinghouse that levels the playing field among banks by standardizing consumer risk info.

    Elizabeth Warren's hand is in the cash register! Kick her and this partisan agenda to manipulate consumer finance out!

  12. tell them... by Anonymous Coward · · Score: 0

    SSID is not a password

  13. ioitsol by Anonymous Coward · · Score: 0

    I am capable of making your product stand out by planning product boxes, designing product packaging, insert cards and labels in an aesthetically pleasing way.
    we deliver your Product PACKAGING an Labeling ORDER SUPER FAST and SUPER QUALITY. You can count on us and you will never regret about your design reach out and get yours design for only $5.

    https://www.fiverr.com/aliarslangorsi2/be-your-seo-agency

  14. Equifax data breach never happened.... by Anonymous Coward · · Score: 0

    It was a PR stunt to funnel business to Experian's Dark Web Scanning service. At the time of the "so-called" breach, this services was just announced. Remember, Experian setup a website, www.equifaxsecurity2017.com, to help consumers determine whether their data was at risk. The site required "customers" to enter their last name and the last six digits of their Social Security number. When they did, however, they did not get a confirmation about whether they were affected by the breach. Instead, the site provided an enrollment date for its protection service, which was still not ready for several days.

    Also this was a true data breach, there would have been far more activity in Washington. They had hearings on Facebook's data sharing policies but not this? Seem to me Equifax was able to defuse Congress by informing members confidentially that the breach was a PR stunt.

    I have no proof...just circumstantial evidence...is only my humble but wild ass theory out there for all to ridicule...

  15. one of the worst data breaches in U.S. history by Spencer+Drager · · Score: 1

    It was not "one of the worst data breaches". It was THE worst.

    With a US population of 325.7 million...

    146m names, DOBs, and SSNs were stolen.
    99m addresses.
    27m genders
    20m phone numbers
    18m drivers license numbers.

    It really doesn't get much worse than that.

  16. Oh look it finally worked by drinkypoo · · Score: 1

    ...which is fuck-all. The Equifax credit freeze website doesn't work. It just sits and spins forever, like we're expected to do.

    After retrying literally about 20 times, I finally got the site to work and placed a freeze. Shouldn't these pricks have to maintain a reasonable level of availability of a site which fulfills a legal requirement?

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"