The top Republican and Democrat on the Senate Commerce, Science and Technology Committee last Friday sent a letter to Equifax [EFX] regarding a data breach that the credit reporting agency disclosed last Thursday that affected personal information on 143 million Americans.
“Protecting consumers has been and will remain a key priority of this Committee,” Sens. John Thune (R-S.D.) the chairman, and Bill Nelson (D-Fla.), the ranking member, wrote the company in their Sept. 8 letter. “Our goal is to understand what steps Equifax has taken to investigate what occurred, restore and maintain the integrity of its systems, and identify and mitigate potential consumer harm.”
Thune and Nelson said that given the kinds of information and number of people potentially put at risk by the breach, which the company has said occurred between mid-May and July, “we regard this incident as a major data security breach.” Equifax said it discovered the breach in late July.
In a statement Sept. 7 on its website, Equifax said that it “found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases. The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”
Thune and Nelson sent their letter to Richard Smith, CEO of Equifax. They point out that federal law requires financial institutions to have comprehensive information security program and that “various state laws” require entities that have suffered a cyber security breach to notify affected consumers “in a timely manner” so that they can take steps to protect themselves from identity theft.
The senators asked Smith to have his staff brief the committee’s staff by Sept. 15 and for Smith to respond to their questions by Sept. 25.