Equifax spent over $1 million last year on lobbying efforts, according to data compiled by the Center for Responsive Politics. Mike Stewart/AP hide caption
toggle caption
Mike Stewart/AP
Equifax spent over $1 million last year on lobbying efforts, according to data compiled by the Center for Responsive Politics.
Mike Stewart/AP
Updated at 11:55 p.m. ET
The Equifax data breach exposed the personal information of an estimated 143 million Americans. It has led to a lawsuit against the company by the state of Massachusetts, an investigation by the Federal Trade Commission and the promise of congressional hearings. The episode, though, has revealed that up until now, the big three credit reporting companies have had a lot of clout in Washington, D.C., analysts say.
The credit reporting companies have to comply with rules set by the Federal Trade Commission and the Consumer Financial Protection Bureau, which regulate how the companies can sell your financial data to other companies.
Business
After Equifax Hack, Consumers Are On Their Own. Here Are 6 Tips To Protect Your Data
But protecting that data is a kind of regulatory black hole. There is very little oversight — compared to banks, for example, says Rohit Chopra, a former assistant director of the CFPB. "To maintain a national bank license, banks have to prove that their standards are up to snuff," he says, "but credit reporting agencies don't face that same level of oversight, even though they hold data on the majority of American adults."
Chopra says what he calls the "meltdown at Equifax should be a wake-up call" to consumers about the outsized role credit reporting companies play "without our consent."
Chopra is now a senior fellow at the Consumer Federation of America, where he wrote up advice for those affected by the breach. Chopra says there are few rules protecting consumers' data or that require credit bureaus to immediately notify consumers in the event of a breach. It took Equifax some six weeks to reveal the hack, and the company left it up to consumers to try to find out if their data had been stolen.
The Two-Way
Equifax Confirms Another 'Security Incident'
Chopra says people have little control over their information, and that with credit bureaus, "in some ways you're not the customer, you're the product."
And Ed Mierzwinski of U.S. PIRG (Public Interest Research Group) says when it comes to choosing a credit bureau, consumers have no choice. "If you don't like AT&T or Verizon, you can go to T-Mobile, you can take your business elsewhere, you vote with your feet. You can't vote with your feet with a credit bureau," he says. "You're stuck with them."
Mierzwinski says the credit bureaus have fought attempts to make them more transparent. The three companies, Equifax, Experian and TransUnion, spent nearly $3 million to lobby lawmakers last year, according to figures compiled by the Center for Responsive Politics. In fact, he says, House lawmakers were considering legislation the industry favored on Sept. 7: "On the day of the Equifax breach announcement, the House held hearings on not one, but two bills to weaken consumer protections over the credit bureaus'."
The Two-Way
3 Equifax Executives Sold Stock Days After Hack That Wasn't Disclosed For A Month
One of the measures would cap the amount of damages that consumers could be awarded in a lawsuit against the companies. Its sponsor, Rep. Barry Loudermilk, R-Ga., defended the bill at that hearing, saying it had been presented "that this is a credit bureau protection act. This is false. This is to protect consumers and all Americans."
Since the breach was revealed, Loudermilk issued a statement saying that "given the unfounded attacks on me and the rampant misinformation circulating about this legislation, the Financial Services Committee has not scheduled further action on any bill at this time."
He also said that Equifax must be "held accountable" for the breach. A member of the Financial Services Committee, Loudermilk said he would be part of an investigation into the breach and that work had begun on legislation to require credit bureaus and other companies to promptly notify consumers if their data is breached.
Several Democratic senators, led by Elizabeth Warren of Massachusetts, have sponsored a measure that would forbid credit bureaus from charging consumers to freeze or unfreeze access to their accounts. It would also require the companies to refund any fees they have charged for credit freezes after the Equifax breach.
Equifax says it will waive fees for removing and placing security freezes through Nov. 21.
FAQs
Supervised by JND Legal Administration — a team of court-appointed lawyers — Equifax made a $700 million settlement, offering affected Americans either a $125 payout or 10 years of free credit monitoring and $1 million in identity theft insurance provided by Equifax.
What was the major lesson behind the Equifax data breach? ›
Be highly sensitive to the human behavioral component. The human factor is usually a major problem. Employees can be sloppy. With Equifax, it was a human problem, NOT a technical problem.
What changes did Equifax make after breach? ›
The company has increased cybersecurity oversight by top executives and keeps its board better informed about security projects. It allocated an extra $1.25 billion for technology and security investments between 2018 and 2020 and hired around 1,000 employees in IT and cybersecurity over the past year.
What were the key impacts of Equifax breach? ›
It potentially affected 143 million people — more than 40 percent of the population of the United States — whose names, addresses, dates of birth, Social Security numbers, and drivers' licenses numbers were exposed.
How much compensation can you get for a data breach? ›
Under DPA and GDPR, you are entitled to file a data breach claim up to £2,000 or more in data breach compensation if: Your personal data has been leaked, disclosed, lost, mis-used or hacked, corrupted. It doesn't matter if you suffered economic loss, you still can make a claim. breach was deliberate or negligent.
When should I expect my Equifax settlement check? ›
Checks or pre-paid cards for valid claims for Out-of-Pocket Losses, Time Spent, and Alternative Reimbursem*nt Compensation will be mailed by the Settlement Administrator to the mailing address that you provide. Settlement benefits for eligible out-of-pocket losses and time spent began issuing in mid-December 2022.
What did hackers steal from Equifax? ›
Information accessed in the breach included first and last names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers for an estimated 143 million Americans, based on Equifax' analysis. Information on almost 14 million British residents was also compromised.
What was the conclusion of the Equifax breach? ›
In January of this year, Equifax settled the 2017 data breach and agreed to pay $1.38 billion, which includes $1 billion in security upgrades. Since then, the U.S. government has indicted four members of China's military on charges of hacking Equifax to exploit the personal data of 150 million Americans.
Was the Equifax breach entirely preventable? ›
In a report released today, the House Committee on Oversight declared that the Equifax breach, which affected 148 million U.S. consumers, was "entirely preventable." The breach, one of the largest in U.S. history, compromised the authenticating details, including dates of birth and social security numbers, of more than ...
Did the Equifax breach affect me? ›
Equifax has created a website where you can find out if you have been affected by the breach. The website will ask you for the last six digits of your social security number and your last name, and then will tell you if you have been affected. You can also call 1-833-759-2982.
Equifax failed to fully appreciate and mitigate its cybersecurity risks. Had the company taken action to address observable security issues, the data breach could have been prevented. Lack of accountability and management structure.
Why does Equifax have the worst reputation? ›
Lack of transparency, not only put the company at greater levels of company risk, it also served to unknowingly expose millions of consumers to higher levels of personal risk. This in turn makes the General Public less forgiving of Equifax in how it handled the issue.
Has anyone received Equifax settlement check? ›
Consumers are receiving payments after a data breach
The cash payments — which may be far less than $125, such as $5 or $21 — began going out in mid-December either as a check, payment to a PayPal account or prepaid card via email from the settlement administrator, depending on how the consumer chose to receive it.
How do I check the status of my Equifax settlement payment? ›
Visit the administrator's website, www.equifaxbreachsettlement.com, which includes a Frequently Asked Questions page. Call the settlement administrator at this toll-free number - 1-833-759-2982. Go to the Federal Trade Commission's website.
Why is my Equifax settlement so small? ›
The low-dollar payouts are the result of an anemic settlement negotiated by the FTC. As part of the settlement's restitution fund, Equifax had to create a fixed pot of $31 million to cover compensation for consumers whose data was stolen but hadn't yet been the victim of any direct loss.
Why is the Equifax settlement so low? ›
Equifax started sending out payments to people affected by its massive 2017 data breach. But, as consumers quickly realized, the settlement payments are way less than the expected $125 per consumer. People have gotten as little as $5.21 because of the sheer number of people who filed claims for the money.
