

September 15, 2017
Press Release


WASHINGTON, DC – Today Congresswoman Jacky Rosen (NV-03) joined several of her colleagues in sending a letter demanding answers from Equifax Chairman and CEO, Richard F. Smith, following a massive cyber data breach that revealed sensitive information, including the Social Security numbers, addresses, and driver’s license numbers of as many as 143 million Americans. The Congresswoman released the following statement in addition to the letter. According to the Associated Press, Equifax knew about their software coding problem as early as March.


“As someone who has written code for some of the biggest companies in Nevada, I understand the severity and urgency behind protecting sensitive information from a cyber attack or security breach,” said Rosen. “Anyone who works with software knows the importance of keeping every line of code up to date, especially if it’s a problem that has been detected. Instead of taking precaution and protecting consumers who trusted Equifax with their most sensitive information, Equifax executives shamelessly placed profits ahead of people. Their irresponsible actions have left millions of Americans vulnerable to identity theft. I will continue to fight on behalf of consumers by demanding answers from Equifax on why it failed to fix its software months before it experienced a massive hack.”


BACKGROUND: Equifax, a major consumer credit reporting agency, recently disclosed that it experienced a massive data breach believed to have occurred in May and discovered internally by Equifax in late July.  The delay in notifying affected consumers further risked exposing them to criminal activity. Equifax has stated that the three executives were not notified of the breach when they sold shares and exercised options. The letter signed by Rep. Rosen demands to know why Equifax delayed informing impacted consumers about the data breach and, if the three executives indeed did not know about the breach before selling off their stock in violation of insider trading laws, why these three top-level company officials were kept in the dark about such a serious cyberattack. Rep. Rosen is a former systems analyst and Member of the House Science Committee’s Research & Technology Subcommittee, which has jurisdiction over civilian cybersecurity matters.


View full text of the letter here & below:


Dear Mr. Smith:


We write regarding the data breach at Equifax. As one of the three major U.S. credit bureaus, Equifax hosts the sensitive personal information of millions of Americans, such as Social Security numbers, birth dates, and driver’s license numbers.


On September 7, 2017, Equifax announced its computer systems had been breached between mid-May and July of this year. Although the data breach was discovered on July 29, Equifax waited six weeks before informing the public. The delay may have further exposed affected consumers by not allowing people to pursue mitigative measures as soon as possible. Equifax has an obligation to safeguard the sensitive information of consumers and notify individuals in a timely manner when their information has been compromised.


Reports indicate hackers utilized a vulnerability on the Equifax website to obtain the sensitive information of up to 143 million Americans – more than half of the country. Per news reports, the credit card information of 209,000 Americans was compromised. Please explain what factors affected Equifax’s decision to delay the announcement of the intrusion.


Also of concern, three senior Equifax executives sold company shares worth a combined $1.8 million a few days after discovery of the breach but before the public was notified of the cyberattack. Equifax has alleged the senior executives were unaware of the breach. If this statement is true, why were the three individuals – including the Chief Financial Officer – not notified given their prominent role within the company?


We are troubled by the wide scope of this data breach and Equifax’s response to this serious matter. Due to this cyber incident, our constituents are potentially exposed to criminal activity, such as identity theft. Therefore, as representatives for many of those affected by the breach, we respectfully request a detailed response to our concerns.