Consumer Portals Legislative Responses
  • S. 1786 (the “SECURE Act of 2017”), introduced by Sen. Brian Schatz (D-HI), that would amend the Fair Credit Reporting Act to “enhance the accuracy of credit reporting and provide greater rights to consumers who dispute errors in their credit reports.” View Sen. Schatz’s press release on the legislation.
     
  • S. 1810, introduced by Sen. Ron Wyden (D-OR), that would amend the Fair Credit Reporting Act to provide access to free credit freezes for all consumers. View the bill text and Sen. Wyden’s press release.
     
  • S. 1815, introduced by Sen. Ed Markey (D-MA), that would require data brokers to “establish procedures to ensure the accuracy of collected personal information.” View the bill text and Sen. Markey’s press release.
     
  • S. 1816, introduced by Sen. Elizabeth Warren (D-MA), that would amend the Fair Credit Reporting Act to “enhance fraud alert procedures and provide free access to credit freezes.” View the bill text, fact sheet and Sen. Warren’s press release.
     
  • S. 1819, introduced by Sen. Elizabeth Warren (D-MA), that would amend the Fair Credit Reporting Act to “prohibit the use of consumer credit checks against prospective and current employees for the purposes of making adverse employment decisions.” View the bill text, fact sheet and Sen. Warren’s press release.
     
  • H.R. 3755, introduced by Rep. Maxine Waters (D-CA), that would amend the Fair Credit Reporting Act to “improve the consumer reporting system.” View the bill text, fact sheetextended summary and Rep. Waters’ press release.
     
  • H.R. 3766, introduced by Rep. James Himes (D-CT), that would amend the Fair Credit Reporting Act to “require consumer reporting agencies to place a security freeze on a consumer report without a fee if the consumer reporting agency is subject to a breach of data security.” View the bill text and Rep. Himes’ press release.
     
  • H.R. 3783, introduced by Rep. Steve Cohen (D-TN), that would amend the Fair Credit Reporting Act to “prohibit the use of consumer credit checks against prospective and current employees for the purposes of making adverse employment decisions.” This is the House companion legislation to Sen. Warren’s S. 1819.  View Rep. Cohen’s press release.
     
  • H.R. 3806, introduced by Rep. Jim Langevin (D-RI), that would establish a national data breach notification standard. View Rep. Langevin’s press release.
     
  • Senate Banking Committee Ranking Minority Member Sherrod Brown (D-OH) announced that he plans to draft legislation that would: (1) provide certain Equifax customers with 10 years of free credit monitoring; (2) “[p]rotect servicemembers who may have been affected by the Equifax breach”; and (3) establish an “easy and affordable” procedure by which consumers can freeze their credit reports. View Sen. Brown’s press release.
     
  • Eighteen Senate Democrats sent a letter to FTC Acting Chairman Maureen Ohlhausen requesting that the FTC conduct an “immediate horizontal review of consumer reporting agencies in light of Equifax’s disclosure of a data breach affecting nearly 44 percent of the country’s population.” Although they commend the FTC for launching an investigation into the Equifax breach, they argue that a “breach of this scale warrants a proactive review of data security at all three of the major consumer reporting agencies.” View the letter to the FTC's Acting Chairman.
     
  • On September 11, 2017, a group of 20 Democratic Senators wrote to Equifax CEO Richard Smith to urge Equifax to abandon forced arbitration from any claims arising out of Equifax’s data breach and to seek clarification on Equifax’s position on legislation to reverse the CFPB rule limiting the use of forced arbitration clauses. View the letter to Equifax's CEO.
     
  • On September 12, 2017, a bipartisan group of 36 senators sent a letter to the FTC, the SEC and DOJ requesting an investigation into “disturbing reports that senior Equifax executives sold more than $1.5 million in Equifax securities within days of a cybersecurity breach that may have compromised the personal information, including Social Security numbers, of as many as 143 million Americans.” The letter also requests that the agencies share “any information regarding whether Equifax management employed reasonable measures to ensure the security of the now compromised data prior to this cyber breach” that is uncovered in the course of the requested investigation. View the letter to the FTC, the SEC and DOJ.
     
  • On September 13, 2017, Senator Mark Warner (D-VA) sent a detailed letter to the FTC requesting that the Commission respond to eight questions regarding its enforcement authority under the Fair Credit Reporting Act and its current stance on the adequacy of cybersecurity measures and responses to data breaches. View the letter to the FTC.
     
  • On September 14, 2017, House Committee on Science, Space, and Technology Chairman Lamar Smith (R-TX) and House Committee on Oversight and Government Reform Chairman Trey Gowdy (R-SC) sent a letter to Equifax CEO Richard Smith requesting documents and a briefing related to the Equifax data breach. View the letter to Equifax's CEO.
     
  • On September 19, 2017, Senators Dean Heller (R-NV) and Joe Donnelly (D-IN) sent a letter to Equifax CEO Richard Smith requesting information on the steps taken by Equifax to protect servicemembers’ personal information. View the letter to Equifax's CEO.
     
  • On September 22, 2017, Senator Elizabeth Warren (D-MA) sent a letter to SEC Chairman Jay Clayton urging the SEC to investigate “whether Equifax violated federal securities laws by failing to promptly disclose material information about its recent data breach to investors.” View the letter to the SEC Chairman.
     
  • On September 22, 2017, Senators Elizabeth Warren (D-MA) and Catherine Cortez Masto (D-NV) sent a letter to Robert Marcus, Chairman of the Compensation Committee of the Equifax Board of Directors, requesting additional information regarding the retirement of Equifax’s Chief Information Officer and Chief Information Security Officer, including whether these officers were subject to any compensation clawback provisions. View the letter to the Chairman of the Compensation Committee of the Equifax Board of Directors.
     
  • On September 22, 2017, Senator Elizabeth Warren (D-MA) sent a letter to DHS Acting Secretary Elaine Duke requesting information about warnings of potential security vulnerabilities provided by the United States Computer Emergency Readiness Team (US-CERT) to Equifax, TransUnion or Experian. View the letter to the DHS Acting Secretary.
     
  • On September 26, 2017, Senator Jeanne Shaheen (D-NH) and Representative Nydia Velázquez (D-NY) sent a letter to Equifax Interim CEO Paulino do Rego Barros Jr. and Non-Executive Chairman Mark Feidler urging Equifax to provide greater assistance for small business owners and requesting information about the steps Equifax is taking to limit damage from the breach to small business owners. View the letter to Equifax’s Interim CEO and Non-Executive Chairman.
     
  • H.R. 3878, introduced by Rep. Ben Ray Luján (D-NM), that would amend the Fair Credit Reporting Act to provide access to free credit freezes for all consumers. This is the House companion legislation to Sen. Wyden’s S. 1810. View Rep. Luján’s press release.
     
  • H.R. 3860, introduced by Rep. Patrick McHenry (R-NC), that would amend the Internal Revenue Code to require real-time, internet-based income verification. View the bill text and Rep. McHenry’s press release.
     
  • On October 4, 2017, seven Senators sent a letter to IRS Commissioner John Koskinen expressing concern over the timing of the sole-source contract awarded to Equifax and calling for its immediate rescission.  View the letter to Commissioner Koskinen.
     
  • On October 4, 2017, Senators Orrin Hatch (R-UT) and Ron Wyden (D-OR) sent a letter to IRS Commissioner John Koskinen requesting information on a sole-source contract awarded by the IRS to Equifax to verify taxpayer identity. View the letter to Commissioner Koskinen.
     
  • On October 4, 2017, ten House Democrats sent a letter to the majority and minority leaders of the House and Senate requesting a bipartisan and bicameral investigation into the Equifax breach. View the letter to House and Senate leaders.
     
  • On October 4, 2017, five Senate Democrats sent a letter to FTC Acting Chairman Maureen Ohlhausen requesting information about steps the FTC is taking to help consumers avoid frauds and scams as a result of the Equifax breach. View the letter to Acting Chairman Ohlhausen.
     
  • On October 5, 2017, Senator Gary Peters (D-MI) sent a letter, signed by seven additional Senators, to IRS Commissioner John Koskinen requesting information about the $7.25 million sole-source contract Equifax was awarded after it announced the cybersecurity breach. View the letter to Commissioner Koskinen.
     
  • On October 9, 2017, Senator Sherrod Brown (D-OH) sent a letter to the Department of the Treasury requesting that the Department initiate a review to bar Equifax from consideration for new or renewed government contracts. View Sen. Brown’s letter to the Department of the Treasury.
     
  • H.R. 4028, introduced by Rep. Patrick McHenry (R-NC) on October 12, 2017, would require the federal government to create uniform cybersecurity standards for credit bureaus, establish supervision and examination of large consumer reporting agencies and prohibit credit bureaus from using Social Security Numbers as a basis for identification by 2020. View Rep. McHenry’s press release.
     
  • On October 16, 2017, the House Committee on Energy and Commerce sent a letter to the Acting Administrator of the General Services Administration (GSA) requesting information regarding the GSA’s consideration of data security practices when vetting vendors and awarding government contracts. View the letter to the GSA’s Acting Administrator.
     
  • S. 2124, introduced by Sen. Patrick Leahy (D-VT) on November 14, 2017, would require companies to take preventive steps to defend against cyberattacks and data breaches, provide notice to individuals following a breach, and offer prevention and mitigation services if a breach occurs. View the bill text and Sen. Leahy’s press release
     
  • On November 17, 2017, leaders of the House Committee on Energy and Commerce sent a letter to Equifax Interim CEO Paulino do Rego Barros, Jr. and Equifax Chairman Mark Feidler with an extensive list of questions and requests for documents. View the letter to Equifax’s Interim CEO and Chairman.
     
  • On November 20, 2017, leaders of the House Committee on Science, Space, and Technology and the House Committee on Oversight and Government Reform sent a letter to Equifax Interim CEO Paulino do Rego Barros, Jr. requesting additional documents and information related to the technical and process failures that led to the loss of Americans’ personally identifiable information. View the letter to Equifax’s Interim CEO.
     
  • S. 2179, introduced by Sen. Bill Nelson (D-FL) on November 30, 2017, would require companies to notify consumers within 30 days of discovering a breach, make it a crime to knowingly conceal a breach, and direct the FTC to develop security protocols for businesses to follow. View the bill text and Sen. Nelson’s press release.

Regulatory Responses
  • New York State Department of Financial Services issued guidance to urge chartered and licensed financial institutions to take specific steps in light of the Equifax data breach including ensuring that the appropriate identity theft and fraud prevention programs are in place and confirming the validity of information contained in Equifax reports before relying on them. View the guidance.
     
  • New York Governor Andrew Cuomo proposed regulation requiring any credit reporting agency that assembles, evaluates or maintains a consumer credit report on any consumers located in New York State to register yearly with the state’s Department of Financial Services, whose superintendent will have broad power to examine and regulate the agency. View the proposed regulation.
Other Responses
  • On September 11, 2017, Summit Credit Union filed a class action lawsuit against Equifax in U.S. District Court for the Northern District of Georgia. The suit alleges that Equifax was negligent in failing to secure consumers’ personal information. View the complaint.
     
  • On September 19, 2017, Massachusetts Attorney General Maura Healey filed suit against Equifax, Inc. in Suffolk Superior Court alleging Equifax “did not maintain the appropriate safeguards to protect consumer data in violation of Massachusetts consumer protection and data privacy laws and regulations.” View AG Healey’s press release.
     
  • On September 26, 2017, San Francisco City Attorney Dennis Herrera filed suit against Equifax, Inc. in San Francisco Superior Court. The suit alleges that Equifax violated state law prohibiting unlawful, unfair or fraudulent business practices. View City Attorney Herrera’s press release.
     
  • On September 26, 2017, the Equifax Board of Directors announced that Richard Smith would immediately retire as Chairman of the Board and Chief Executive Officer. View Equifax’s press release.
     
  • On September 28, 2017, City of Chicago Mayor Rahm Emanuel announced that the City had filed a lawsuit against Equifax alleging violations of Illinois Personal Information Privacy Act, the Illinois Consumer Fraud and Deceptive Business Practices Act and the Chicago Consumer Fraud ordinance. View Mayor Emanuel’s press release.
     
  • On November 27, 2017, Independent Community Bankers of America (ICBA) filed a class action lawsuit against Equifax Inc. in the U.S. District Court for the Northern District of Georgia. ICBA’s suit seeks monetary relief for all community banks affected by the breach and an order directing Equifax to employ adequate security protocols. View the complaint.