Equifax breach draws Wells-level congressional scorn
WASHINGTON — Equifax may have displaced Wells Fargo as the new poster child of bad financial behavior for policymakers on Capitol Hill.
Lawmakers on both sides of the political aisle blasted the credit reporting agency on Monday, alarmed by the size and scope of the data breach disclosed late last week.
“The breach was so vast that it would be hard for Congress not to make a big deal about it,” said Ian Katz, a policy analyst at Capital Alpha Partners.
House Financial Services Committee Chairman Jeb Hensarling, R-Tex., announced that the panel will hold a hearing on the breach and many observers expect the Senate Banking Committee to follow suit.
Ultimately, the ire over the breach that exposed the records of 143 million consumers could garner a congressional response similar to that of the Wells Fargo phony-accounts scandal that eventually led to the ouster of CEO John Stumpf.
“Equifax made a huge mistake, and in order to fix it, they made things worse for themselves,” House Chief Deputy Whip Patrick McHenry, R-N.C., said on the sidelines of the National Association of Federally-Insured Credit Unions' congressional caucus meeting. “It is absolutely tone deaf and a bad response.”
Rep. Brad Sherman, D-Calif., who serves on the House Financial Services Committee, said he was focusing on an arbitration clause that Equifax included as part of the terms attached to using a credit monitoring service it was providing to exposed consumers.
“Equifax saying we exposed your data, we created real concern and we used that to sneak in an arbitration provision is outrageous," Sherman said in an interview. (After the initial requirement for mandatory arbitration, the company later reversed course.)
Sherman also pointed out that concerns about the breach go beyond just potential identity theft for millions of Americans.
“There is a national security aspect of this. … Some of those credit ratings are going to show that you work in” the defense industry, said Sherman.
“There are 3 million phony accounts” that Wells Fargo created, he said. “This is 143 million exposed — I don’t know what the conversion factor is. I don’t know which is bigger."
Sen. Brian Schatz, D-Hawaii, reintroduced legislation on Monday that would direct the Consumer Financial Protection Bureau to establish minimum accuracy standards for credit reporting agencies. He also sent a letter to Equifax CEO Richard Smith, calling the company’s response “ineffective.”
“Customers will face the risk of identity theft for years to come,” wrote Schatz, who also called on the company to reimburse consumers who put a credit freeze on their accounts. Credit reporting bureaus often charge a fee for putting a freeze on credit report requests.
“Equifax stands to make hundreds of millions of dollars from its security failings,” said Schatz, while pointing to potential revenue generated by the credit report freezes.
McHenry, the vice chairman of the House Financial Services Committee, said Congress should also take a look at the broader credit reporting industry.
“These companies should be better and they should protect our data in a much stronger form … we should have a broader discussion about how we improve this market,” McHenry said.
However, he tried to separate the issue of the arbitration clause, which Democrats are using as ammo to stop a GOP effort to repeal the Consumer Financial Protection Bureau’s rule banning mandatory arbitration agreements in financial contracts.
“There are two separate issues — arbitration is a separate issue from what Equifax is attempting to do for themselves," he said.
The breach “has broader implications because of their initial mistake and the effort that they are making in order to cover themselves is more galling than the actual event,” McHenry said.
Sherman said Equifax should suffer monetarily in order to motivate better practices by the industry.
“You need to put the cost of the injury on the shoulders of those who are in the best position to avoid the injury,” he said. A significant financial loss, he added, would “send a message to the other credit agencies” to do a better job of safeguarding consumer data.
“We just need to learn what happened and hold the people who are responsible accountable,” Rep. Dan Kildee, D-Mich., told reporters on the sidelines of the credit union meeting.