The Capitol Hill outrage over the massive Equifax data breach has returned, with Democrats suspicious that Republicans are delaying efforts to crack down on the credit reporting industry and secure consumer data.
The fresh outcry kicked off last Sunday, when Reuters reported that Mick Mulvaney, the acting director of the Consumer Financial Protection Bureau (CFPB), had slowed the agency’s investigation into Equifax.
The 2017 breach exposed sensitive information, including Social Security numbers, of 143 million Americans.
A group of 32 Senate Democrats responded to the Reuters report by demanding answers from the agency about the progress of its investigation.
The CFPB declined to comment on the letter, instead pointing to an earlier statement from Mulvaney senior adviser John Czwartacki.
“Acting Director Mulvaney takes data security issues very seriously,” Czwartacki said. “Under his direction, the CFPB is working with our partners across government on Equifax’s data breach and response. We are committed to enforcing the law. As policy, we do not confirm or deny enforcement or supervisory matters.”
Democrats have kept up the heat on Equifax and other credit reporting agencies since the hack, using the breach to call for reforms.
Sen. Elizabeth Warren (D-Mass.) also released a report this week on the breach, excoriating Equifax for a lack of safeguards and calling on Congress to crack down on credit reporting agencies.
Last month, Warren and Sen. Mark Warner (D-Va.) introduced legislation that would make it easier for the Federal Trade Commission to police credit bureaus’ data security practices.
And in November, Democrats on the Senate Commerce Committee renewed their push for a law requiring companies to notify consumers of data breaches within 30 days of discovering them.
“[The breach] showed how a lack of oversight and accountability from credit reporting companies played a key role in the largest credit consumer data breach in history,” Warner said in a statement to The Hill. “Congress has a responsibility to ensure these companies are collecting and maintaining this data in an appropriate and secure manner, including by adopting effective system and data security safeguards.”
The calls for data breach laws grew in 2017, the same year Uber revealed a data breach a year earlier had compromised information from 57 million users and Yahoo announced that all of its 3 billion user accounts had been compromised in a 2013 breach.
“We’ve gotta do something to require much more protection for data,” Rep. Jan Schakowsky (Ill.), the ranking Democrat on the House Energy and Commerce consumer protection subcommittee, who introduced her own data breach bill in October. “I just think all of this just spurs on demand for a long-term solution.”
Former Equifax CEO Richard Smith faced four congressional hearings in October, with members of both parties furious about a breach that had exposed sensitive personal data for nearly half the country.
Despite the outrage from lawmakers, though, there’s been little movement in Congress toward cracking down on the industry or improving data security practices.
{mosads}Lisa Gilbert, the vice president of legislative affairs at the left-leaning consumer group Public Citizen, said it’s frustrating to watch the bipartisan fury fade just months after the breach, which she called one of the worst financial scandals since the recession.
“I think it was impossible for members on both sides of the aisle not to be loud and angry” during the hearings, Gilbert said.
She added that the differing views on regulations between Republicans and Democrats have since hampered momentum among lawmakers.
Rep. Greg Walden (R-Ore.), who chairs the House Energy and Commerce Committee and grilled Smith during one of the hearings last year, insists that Congress is still investigating the breach. He told reporters Thursday that data breaches are a sensitive issue for regulators, adding that different areas of the private sector can never agree on where the legal burden to protect data should fall.
“We’re trying to get our heads around where the liability properly resides and what can we do that could actually pass,” Walden said.
But Schakowsky suggested that Republicans are dragging their feet in an attempt to appease the private sector.
“I think they’re getting pressure from the companies that don’t want to do anything more than what they’ve already been doing,” she said. “We have to stop pretending that this is just going to go away.”