Warner Asks FTC to Investigate Equifax Data Breach, Security Lapses
Sen. Mark Warner, D-Va., has asked the FTC to investigate the June cyberattack on Equifax that resulted in 143 million Americans' information being exposed (see 1709080019, 1709110035 and 1709120055). "This information -- critical to opening a new bank account or taking out a loan -- will expose Americans to identity theft, tax fraud, extortion, and other risks," he wrote in a Wednesday letter to acting FTC Chairman Maureen Ohlhausen. Meanwhile, House Commerce Chairman Greg Walden, R-Ore., and Digital Commerce and Consumer Protection Subcommittee Chairman Bob Latta, R-Ohio, formally invited Equifax CEO Richard Smith to testify on Oct. 3. The company didn't comment. Warner, who co-founded the Senate Cybersecurity Caucus and is a member of the Banking, Budget and Finance committees, said the breach "raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialize." Warner cited security issues raised by Equifax's actions before and after the breach, "including use of potentially insecure content management software and improperly configured web encryption" that flagged its Equifaxsecurity2017.com domain as a phishing site among web browsers. He was alarmed by the credit reporting service's handling of customer inquiries by requesting some personal data and providing a simple PIN when customers want to place a credit freeze. He said when viewed as a whole, including past breaches by other credit bureaus, "these lapses may potentially represent a systemic failure by firms." The FTC said it received the letter but declined to comment.