Equifax Draws Further Congressional Ire After Hack Disclosure (2)

By Daniel R. Stoller

Equifax Inc. is again under congressional scrutiny after confirming the identities of 2.4 million consumers whose driver’s license data was stolen in the massive 2017 data breach.

Senate and House Commerce Committee lawmakers March 1 said they want more information from Equifax and its cybersecurity contractor, Mandiant Corp., following the latest disclosure.

The lawmakers’ briefing request expands a congressional probe of Equifax’s handling of the breach and preventive measures. It also highlights that cybersecurity companies like Mandiant that assist with an internal business investigation can be brought before Congress to provide information.

Senate Commerce Committee Chairman John Thune (R-S.D.) said he wants Equifax to “clean up its mess” and will be “reaching out to Equifax to get more information about this development and to express” concern on its responses to the breach.

House Energy and Commerce Committee Chairman Greg Walden (R-Ore.) and Subcommittee on Digital Commerce and Consumer Protection Chairman Bob Latta (R-Ohio) requested a briefing with Mandiant, which is leading the post-breach investigation.

“This latest announcement from Equifax is deeply concerning, and raises even more questions about the company’s total failure in safeguarding consumers’ information and providing adequate tools for protection post-breach,” Walden and Latta said in a joint statement. Equifax revealed in September 2017 that hackers accessed personal data of 143 million customers, including social security numbers and birth dates, between May and July 2017.

“This is not about newly discovered stolen data,” Interim Equifax CEO Paulino do Rego Barros, Jr., said in a statement. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.”

Other lawmakers also expressed concern over the disclosure.

Sen. Elizabeth Warren (D-Mass.), who has focused on Equifax since the data breach, said in a statement that Equifax can’t be trusted because “their mistakes allowed the breach to happen, their response has been a failure, and they still can’t level with the public.” Congress must hold “the credit reporting industry accountable” for their cybersecurity shortcomings, she said.

Equifax has pledged to continue working with lawmakers on breach-related inquiries.

“Equifax continues to cooperate and respond to the many congressional committees who have expressed interest and it looks forward to continuing constructive conversations that are geared toward enhancing consumer credit protections,” Ines Gutzmer, company spokesman, told Bloomberg Law.

Mandiant declined an email request from Bloomberg Law for comment.

(Updates with Sen. Thune statement)

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bloomberglaw.com

To contact the editor responsible for this story: Roger Yu at ryu@bloomberglaw.com

Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.
