Sarbanes Joins E&C Dems in Questioning Equifax on Massive Data Breach

September 12, 2017
CONTACT: Daniel Jacobs
(202) 225-4016

WASHINGTON, D.C. – Congressman John Sarbanes (D-Md.) today joined fellow Democrats on the Energy and Commerce Democrats today in sending a letter to Equifax Chairman and CEO Richard Smith seeking more information about the massive data breach that has compromised the sensitive personal information of approximately 143 million Americans. 

The members asked Mr. Smith what Equifax is doing to address consumers’ privacy and security concerns, how the breach occurred in the first place and what the company is doing to prevent security breaches in the future. The members also questioned why it took Equifax more than a month to disclose the data breach to the public, and expressed concern that consumers continue to report difficulties in receiving basic information from the company about whether their personal information was compromised.

The letter was signed by all of the Democrats on the Energy and Commerce Committee – Ranking Member Frank Pallone, Jr. (D-N.J.), Bobby Rush (D-Ill.), Anna Eshoo (D-Calif.), Eliot Engel (D-N.Y.), Gene Green (D-Tex.), Diana DeGette (D-Colo.), Mike Doyle (D-Penn.), Jan Schakowsky (D-Ill.), G.K. Butterfield (D-N.C.), Doris Matsui (D-Calif.), Kathy Castor (D-Fla.), John Sarbanes (D-Md.), Jerry McNerney (D-Calif.), Peter Welch (D-Vt.), Ben Ray Lujan (D-N.M.), Paul Tonko (D-N.Y.), Yvette Clarke (D-N.Y.), David Loebsack (D-Ia.), Kurt Schrader (D-Ore.), Joe Kennedy, III (D-Mass.), Tony Cárdenas (D-Calif.), Raul Ruiz (D-Calif.), Scott Peters (D-Calif.), and Debbie Dingell (D-Mich.).

“Your company profits from collecting highly sensitive personal information from American consumers—it should take seriously its responsibility to keep data safe and to inform consumers when its protections fail,” the members wrote to Equifax CEO Richard Smith.

“We are writing with serious concerns about the immense scale of this data breach, and we have a number of questions about whether Equifax took appropriate steps to safeguard the personal information of consumers,” the Democratic Committee members continued in their letter. “We also have concerns about the amount of time it took for Equifax to notify the public of the breach and about the way Equifax is providing information to consumers.”

Almost immediately after Equifax announced the breach, consumers reported a number of problems with the website – where people were directed to go to determine if their information was compromised. People who checked the website on both their mobile device and a desktop computer received different results. False information entered into the fields also provided the same result as real information.   

With an Energy and Commerce hearing on the Equifax data breach expected later this month or in October, the members requested answers to a series of questions prior to the hearing, including:

  • Why did it take Equifax more than a month to announce this massive data breach?
  • How did Equifax determine that offering credit monitoring services for one year – provided by Equifax itself – would be adequate to make consumers whole?
  • How much money per year would an affected customer pay Equifax to extend the “complimentary” credit monitoring services beyond one year? How much money would Equifax make after one year on credit monitoring services that would be unnecessary but for Equifax’s failure to safeguard consumer data?
  • What measures is Equifax implementing after the event to improve the protection of consumer information residing on its network?
  • What measures is the company taking to investigate the sale of stock in the aftermath of the company’s discovery of the data breach, including whether these or other executives sought to delay the announcement of the data breach?
  • What measures, other than offering credit monitoring services and identity theft protection, is Equifax taking to mitigate harm to consumers?

A copy of the letter is available here.