Indian-American Congressman Raja Krishnamoorthi, D-Illinois, on May 7, joined leading lawmakers from both the House and Senate to reintroduced the Data Breach Prevention and Compensation Act to hold large credit reporting agencies (CRAs), including Equifax, accountable for data breaches involving consumer data.
Krishnamoorthi along with Chairman of the House Committee on Oversight and Reform Elijah E. Cummings, D-Maryland, joined U.S. Senators Elizabeth Warren, D-Massachusetts, and Mark Warner, D-Virginia, to introduce the bill which would impose mandatory penalties for breaches, require cybersecurity inspections, and compensate consumers for stolen data, as it gives the Federal Trade Commission more direct supervisory authority over data security and credit reporting agencies (CRAs).
“Working for the people means protecting the personal data of consumers and holding companies accountable for data breaches that compromise consumer health and safety,” Krishnamoorthi is quoted saying in the press release. “As the Chair of the Oversight Subcommittee on Economic and Consumer Policy, I am proud to co-lead this bicameral legislation to prevent the negligence and abuses which could lead to the next consumer data breach.”
If this legislation sees the light of day, Equifax, which experienced one of the largest data breaches of any credit reporting agency, would have to pay at least $1.5 billion in penalties for the 2017 data breach, the lawmakers estimate based on the latest report they released the same day, entitled “Breach of Trust” prepared by the offices of Senators Warren, Warner, and Brian Schatz, D-Hawaii, and Rep. Krishnamoorthi. Their report concludes that the Consumer Financial Protection Bureau’s complaint database showed a failure to protect consumers after the Equifax breach which compromised private information of some 143 million Americans.
Their new analysis of consumer complaints to the CFPB, they say, revealed that in the 18 months after the Equifax breach was announced, consumers filed more than 52,000 complaints related to Equifax, nearly double the number from the same period before the breach was announced.
They raised concerns including that Equifax “is still failing consumers by providing inadequate responses to consumer complaints over the course of several months and refusing to remove incorrect information from credit reports despite consumers contacting Equifax multiple times.”
In September 2017, Equifax announced that hackers stole sensitive personal information — including Social Security Numbers, birth dates, credit card numbers, driver’s license numbers, and passport numbers — of over 143 million Americans, a number later revised up to 145.5 million people, the press release noted.