The Atlanta Journal-Constitution
Sen. Warren blasts Equifax over breach in new report
Equifax this week endured yet another public battering — this time in a report issued by a high-profile critic of the financial services industry.
The company has been under fire since revealing in early September that the personal information of more than 145 million Americans had been compromised in a data breach.
According to U.S. Sen. Elizabeth Warren (D-Mass), the Atlanta-based consumer credit reporting agency was guilty of a series of failures: setting up a flawed system, ignoring warnings about risk, taking too much time to notify consumers and regulators about the breach, and offering inadequate help to consumers afterward.
“For years, Equifax and other big credit reporting agencies have been able to get away with profiting off cheating people,” Warren said in a statement. “Our report provides answers about what went wrong at Equifax.”
Warren’s report, “Bad Credit: Uncovering Equifax’s failure to protect Americans’ personal information,” came a day after news that a government investigation of Equifax had been scotched by the head of the Consumer Financial Protection Bureau.
Ironically, that agency was created as part of reforms that followed the crisis of 2008 and was modeled on a proposal made by Warren when she was a Harvard professor.
But the agency has been sharply criticized by Republicans for overreach. A Reuters article this week reported that Mick Mulvaney, named by President Trump in November to lead the bureau, had decided against pursuing an inquiry into the actions of Equifax. That decision drew criticism from a number of congressional Democrats, including Rep. David Scott of Atlanta.
Included in Warren’s report were the findings that Equifax:
■ Had ample warning of weaknesses and risks to its system — before the breach had occurred. “The company failed to heed — or was unable to effectively heed — these warnings,” the report said.
■ Used “feeble monitoring” of security, leaving it unaware of cyber attacks.
■ Left sensitive information exposed on accessible systems.
■ Failed to erect technological obstacles to prevent hackers from getting into the crucial data.
However, the report was wrong to include the charge that consumer passport data had been accessed or stolen, said Equifax spokeswoman Meredith Griffanti.
Moreover, the report was wrong to say company officials had not told the truth about the passports during congressional testimony, she said.
“We have looked at the passports as an element of our forensic investigation and that investigation showed that no passports in fact have been affected.”
During testimony to the Senate, Equifax officials provided some technical descriptions of the company’s systems, and it may be that staffers “misinterpreted” Equifax’s testimony, Griffanti said.
A spokeswoman for Warren did not respond to questions about Equifax’s comments on the passport data.
However, Equifax had no comment on other elements of the report, Griffanti said. “I don’t think there’s anything else new in the report.”