Federal investigation into massive Equifax hack reportedly withers
Consumer credit reporting agency Equifax stunned the world late last year, admitting to major hacks in the spring and summer of 2017, exposing credit data on millions of consumers across multiple countries including the U.S., U.K., and Canada. Now, Reuters alleges that one major investigation into the hack is spinning its wheels.
Sources say the Consumer Financial Protection Bureau (CFPB), a federal agency that oversees consumer protection in the financial arena, has allowed its investigation to wither. The CFPB, then lead by Richard Cordray, began its investigation in September 2017. Cordray resigned in November, however. Mick Mulvaney, appointed as Cordray’s replacement by President Donald Trump, may not be pursuing the investigation with vigor.
Specifically, Mulvaney hasn’t ordered subpoenas or sought testimony from company executives. Sources also claim the CFPB decided not to pursue a plan to test Equifax’s data protection. Finally, the agency is said to be uncooperative with regulators from the Federal Reserve, among others.
The CFPB isn’t the only organization investigating the Equifax hack. The Federal Trade Commission has its own investigation and has issued subpoenas. Every state attorney has its own open investigation, and hundreds of class-action lawsuits have been filed.
Even so, a pullback in the CFPB investigation would be significant. Its stated purpose most directly intersects with Equifax’s services, and the agency is known to slap credit agencies with significant fines. It levied $17.6 million in fines against TransUnion and Equifax in January 2017 over deceptive pricing of credit reports. While the FTC has also hit companies with major fines, it doesn’t have an extensive history of pursuing credit agencies for fines of that magnitude.
That could change. A bill called the Data Breach Prevention and Compensation Act was introduced in January, and part of it would grant the FTC more oversight over credit agencies. It’s estimated that the bill, if made law, would let the FTC hit Equifax with a $1.5 billion fine. Congress has yet to vote on the bill.
The CFPB hasn’t commented on the story by Reuters. Transunion, however, told Reuters in a statement that, “We believe that it is clear that the CFPB was not given legal authority to supervise any financial institutions with respect to cybersecurity.” Equifax also has not provided a statement on the matter.
This development is just the latest twist in the saga of the Equifax and, if correct, suggests the federal government’s response will be meager. Still, as noted, there are hundreds of lawsuits pending, from states and class-action suits. It will no doubt be years before the legal fallout settles.
- This real-time map of antivirus fails is roasting MalwareBytes’ competitors
- Facebook bans advertisements for cryptocurrency exchanges
- What is Ethereum?
- DARPA funds unhackable computer project to replace ‘patch-and-pray’ solutions
- Apple vs. Qualcomm: Everything you need to know