The Hill: Week ahead: Lawmakers alarmed by Equifax breach
The country is grapping with the disclosure by credit monitoring firm Equifax that hackers accessed personal information on as many as 143 million U.S. consumers.
Equifax reported the breach--likely to be one of the most devastating in history--in a statement late Thursday, explaining that cyber criminals exploited a U.S. website application vulnerability and gained unauthorized access to personally identifiable information, including Social Security numbers, on potentially millions of Americans.
The information was exposed to hackers for more than a month before Equifax detected the breach on July 29.
The credit reporting firm, one of the largest in the United States, has come under increased scrutiny following the disclosure. Bloomberg reported that three senior Equifax executives sold stock in the company worth nearly $1.8 million after the breach was discovered. The company's stock has been plummeting since Thursday.
The revelation has already begun to make waves on Capitol Hill, with members of Congress demanding investigations into the matter.
House Financial Services Committee Chairman Jeb Hensarling (R-Tex.) said Friday that his panel would hold hearings on the breach.
Rep. Michael McCaul (R-Tex.), who chairs the House Homeland Security Committee, suggested Friday morning that his committee is also looking into the hack.
"This latest breach, this hack, is very alarming to me. What we're trying to figure out now is the intent, motive, what country [or] nation state could be behind this or just criminal actors. Are they simply stealing this information for financial benefit or is this one of these big data thefts that we saw China do," McCaul told Bloomberg TV, referencing data breaches at the Office of Personnel Management (OPM) and health insurer Anthem.
"Needless to say, we're in the investigation phase right now, but we're taking this very seriously," the Texas lawmaker said.
Meanwhile, Rep. Ted Lieu (D-Calif.) is urging the House Judiciary Committee to call Equifax representatives to testify. Sen. Tammy Baldwin(D-Wis.) has also asked the Senate Commerce Committee to schedule a hearing on the breach.
Sen. Mark Warner (D-Va.) called the breach "profoundly troubling" and a "real threat" to economic security, suggesting that it could compel Congress to revisit data protection policies.
"The scope of this breach ... raises serious questions about whether Congress should not only create a uniform data breach notification standard, but also whether Congress needs to rethink data protection policies, so that enterprises such as Equifax have fewer incentives to collect large, centralized sets of highly sensitive data like SSNs and credit card information on millions of Americans," Warner, the top Democrat on the Senate Intelligence Committee, said Thursday.
Equifax said that hackers gained access to names, Social Security numbers, birth dates, addresses, and some driver's license numbers. Thousands of consumers also had their credit card numbers and credit dispute documents accessed.
The number potentially affected--143 million--is close to half the U.S. population.
The company is offering free identity theft protection and credit monitoring to those affected by the breach, which those parties can sign up for through a dedicated website. However, the Washington Post reported Friday that the website's terms of service could restrict an individual's legal rights, preventing those who sign up from participating in class-action lawsuits arising from the breach.
The FBI is actively investigating the incident, NBC News reported. Equifax has said that it is cooperating with authorities.
Beyond the attention on the Equifax breach, the upcoming week will offer a slew of cyber-focused events in Washington.
A House Energy and Commerce subcommittee has scheduled a hearingon cross border data flow policies and their impact on American jobs for Tuesday.
The same day, members of the House Science, Space and Technology Committee will examine the resiliency of the electric grid from both physical and cyber threats.
On Wednesday, the Senate Commerce, Science and Transportation Committee will hold a hearing on self-driving technology for trucks and large vehicles, including the impacts to safety and jobs and the economy. The hearing comes a week after the House passed bipartisan driverless car legislation.
Off Capitol Hill, Billington is hosting its eighth annual cybersecurity summit on Wednesday, boasting a speaker lineup that includes Director of National Intelligence Dan Coats and White House cyber czar Rob Joyce.