“We are deeply troubled by recent news reports that, under Director Mulvaney’s leadership, the CFPB has stopped its investigation into the Equifax breach,” the Senators wrote in a letter to Office of Management and Budget Director Mick Mulvaney and CFPB Acting Director Leandra English. “The CFPB is currently the only federal agency with supervisory authority over the largest consumer reporting agencies. Consumer reporting agencies and the data they collect play a central role in consumers’ access to credit and the fair and competitive pricing of that credit. Therefore, the CFPB has a clear duty to supervise consumer reporting agencies, investigate how this breach has or will harm consumers, and bring enforcement actions as necessary.”
According to reports, CFPB has not issued any subpoenas, sought testimony from key executives at Equifax, or proceeded with on-site examinations.
The Equifax breach exposed data that included customers’ names, Social Security numbers, birthdates, addresses, driver’s license numbers, and, for some consumers, credit card numbers. This data could easily be used by criminals to steal people’s identity or commit fraud. The impact on consumers whose data has been stolen is potentially devastating. As a result of identity theft and fraud, customers face the risk of having debt accrued in their name. They could suffer long-lasting damage to their credit, which could lead to them being denied loans, mortgages, employment, or even rental housing. To resolve the damage done by this data breach, they will likely spend months, if not years, trying to correct resulting errors and problems with their financial records.
Sen. Warner has been a leader in calling for better consumer protections from data theft. He has introduced legislation to prevent data breaches and hold credit reporting agencies (CRAs) like Equifax accountable, giving the FTC more direct supervisory authority over their data security, imposing mandatory penalties on CRAs to incentivize adequate protection of consumer data, and providing robust compensation to consumers for stolen data. Following the Equifax data breach, Sen. Warner asked the Federal Trade Commission (FTC) to examine whether credit reporting agencies such as Equifax have adequate cybersecurity safeguards in place for “the enormous amounts of sensitive data they gather and commercialize.” He slammed the credit bureau for its cybersecurity failures and weak response at a Banking Committee hearing with Securities and Exchange Commission (SEC) Chairman Jay Clayton last year.
In addition to Sen. Warner, others joining the letter include Sens. Brian Schatz (D-HI), Bob Menendez (D-NJ), Elizabeth Warren (D-MA), Sherrod Brown (D-OH), Jeanne Shaheen (D-NH), Jon Tester (D-MT), Chris Van Hollen (D-MD), Tom Udall (D-NM), Heidi Heitkamp (D-ND), Tammy Duckworth (D-IL), Catherine Cortez Masto (D-NV), Jeff Merkley (D-OR), Jack Reed (D-RI), Ed Markey (D-MA), Joe Donnelly (D-IN), Tina Smith (MN), Tammy Baldwin (D-WI), Kirsten Gillibrand (D-NY), Gary Peters (D-MI), Patty Murray (WA), Bernie Sanders (I-VT), Richard Blumenthal (D-CT), Angus King (I-ME), Ron Wyden (D-OR), Maggie Hassan (D-NH), Dianne Feinstein (D-CA), Amy Klobuchar (D-MN), Debbie Stabenow (D-MI), Dick Durbin (D-IL), Chris Murphy (D-CT), and Doug Jones (D-AL).