U.S. Politicians Demand Probe of Equifax After Hack
15.9.2017 securityweek CyberCrime
A senior US senator called Wednesday for a federal investigation of credit rating agency Equifax after the company lost the personal data of 143 million customers to hackers.
Senator Mark Warner asked the Federal Trade Commission, one of the few bodies with oversight powers over loosely-regulated credit raters, to examine Equifax's security practices and its "widely-panned response" to consumers potentially impacted by the breach.
Warner, a member of the powerful Senate Banking Committee, accused the company of "exceptionally poor cybersecurity practices" that continued even after the hack became known.
He also said the company's woeful response to people whose data may have been lost -- including trying to charge them for protection -- was "alarming".
"The volume and sensitivity of the data potentially involved in this breach raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialize."
Equifax is one of the three major firms which collect consumers' financial data in order to rate their credit-worthiness to banks, home sellers, auto sellers and others who depend on consumer credit in marketing.
The data the company admitted to losing on September 7 includes people's names, social security numbers, addresses, credit card numbers, and other financial details.
Such data is often used by criminals to steal people's identities for financial gain.
Although crucial to the smooth functioning of the US banking industry, credit rating agencies are little regulated, and Warner called for the FTC to take a stronger oversight role.
US officials are investigating the data hack but would not say Wednesday if they knew who was behind it, though foreign hackers are widely suspected.
The breach took place from mid-May through July 2017 via a website application vulnerability that US cyber security companies say they had identified in March.
Congress has expressed outrage at the hack and the company's management of it. Particular anger has been aimed at allegations that three Equifax officials sold their stock in the company before the hack was made public.
On Monday Senate Finance Committee Chairman Orrin Hatch and Ranking Member Ron Wyden called on Equifax to explain the breach and its actions to the committee.
"The scope and scale of this breach appears to make it one of the largest on record, and the sensitivity of the information compromised may make it the most costly to taxpayers and consumers," they told Equifax in a letter.