Breach of faith?
Lawmakers demand Equifax hack facts
Two US agencies have kept Congress in the dark about their investigations into last year’s hack of Equifax — one of the largest and most potentially damaging data breaches in history — two lawmakers claim in a Friday letter.
The letter was released on the one-year anniversary of the hack, which revealed more than 140 million Americans’ Social Security numbers and other private data.
Sen. Elizabeth Warren, D-Mass., and Rep. Elijah Cummings, D-Md., claim that no one at the Consumer Financial Protection Bureau or the Federal Trade Commission has answered an April letter asking for information about the agencies’ probes into the breach, including whether they have taken basic first steps.
“We have yet to receive a response,” Warren and Cummings wrote in the letter addressed to Mick Mulvaney, the acting CFPB director, and FTC Chairman Joseph Simons.
Both agencies have ac- knowledged investigations into the company.
In the letter, the lawmakers asked for the name of a person to contact about the progress of the agencies’ probes.
The letter was released along with a 40-page report from the Government Accountability Office that included details about how hackers had been able to exploit Equifax’s vulnerabilities.
Still-unidentified hackers broke into Equifax’s systems because the company hadn’t updated the security features on its Apache Struts software, which The Post first reported last Sept. 8.
Equifax hadn’t updated the software because an emailed list of system administrators was “out-ofdate and, as a result, the notice was not received,” according to the report.
The GAO report also reveals that Equifax had turned down the Department of Homeland Security’s help in securing its computer systems following the hack, opting instead for a private firm.