Mobile Menu - OpenMobile Menu - Closed

Congresswoman Norma Torres

Representing the 35th District of California

Connect

Torres Demands Action and Answers on Equifax Data Breach

September 15, 2017
Press Release

WASHINGTON, DC – Today, Rep. Norma J. Torres (D-Pomona) joined in sending a letter to Richard F. Smith, Chairman and CEO of Equifax, expressing concern and demanding answers about the recent massive security breach and the company’s troubling response.

 

“Millions of consumers place their trust in the credit bureaus and their handling of massive amounts of personal financial information,” said Torres.  “A breach of this magnitude is already unacceptable, but the failure to notify consumers in a timely manner followed by the questionable actions of Equifax executives making massive profits selling their shares before the information went public is deeply troubling.”

 

The letter, signed by Torres and 36 Members of Congress, asks Smith to explain why the company waited six weeks after the security breach was discovered to notify the public, a decision which prevented consumers from taking immediate action to protect their accounts.  The Members also raise questions as to Equifax’s claims that the three senior executives, including the Chief Financial Officer, who sold their Equifax shares for a combined $1.8 million prior to the breach going public, were not aware of the breach at the time.

 

“The American people deserve answers, and they deserve accountability, but in the meantime, they must remain vigilant over their accounts,” continued Torres.  “I encourage my constituents to take the necessary steps to protect their personal information and be especially mindful of unscrupulous actors seeking to take advantage of vulnerable consumers during this time.”

 

Consumers are encouraged to visit https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do for information about actions they can take if they were impacted by this breach.  The full text of the letter can be found below and a pdf can be found HERE.

 

----------------------------------------------------------------

 

Richard F. Smith

Chairman and Chief Executive Officer

Equifax

1550 Peachtree Street NE

Atlanta, GA 30309

 

Dear Mr. Smith:

 

We write regarding the data breach at Equifax. As one of the three major U.S. credit bureaus, Equifax hosts the sensitive personal information of millions of Americans, such as Social Security numbers, birth dates, and driver’s license numbers.

 

On September 7, 2017, Equifax announced its computer systems had been breached between mid-May and July of this year. Although the data breach was discovered on July 29, Equifax waited six weeks before informing the public. The delay may have further exposed affected consumers by not allowing people to pursue mitigative measures as soon as possible. Equifax has an obligation to safeguard the sensitive information of consumers and notify individuals in a timely manner when their information has been compromised.

 

Reports indicate hackers utilized a vulnerability on the Equifax website to obtain the sensitive information of up to 143 million Americans – more than half of the country. Per news reports, the credit card information of 209,000 Americans was compromised. Please explain what factors affected Equifax’s decision to delay the announcement of the intrusion.

 

Also of concern, three senior Equifax executives sold company shares worth a combined $1.8 million a few days after discovery of the breach but before the public was notified of the cyberattack. Equifax has alleged the senior executives were unaware of the breach. If this statement is true, why were the three individuals – including the Chief Financial Officer – not notified given their prominent role within the company?

 

We are troubled by the wide scope of this data breach and Equifax’s response to this serious matter. Due to this cyber incident, our constituents are potentially exposed to criminal activity, such as identify theft. Therefore, as representatives for many of those affected by the breach, we respectively request a detailed response to our concerns.

 

Sincerely,