
From Banking and Finance Law Daily, September 8, 2017

Equifax announces massive security breach, legislators demand action

By Stephanie K. Mann, J.D.

More than 143 million Americans may have had their personal information compromised in a massive cybersecurity incident, announced Equifax Inc. According to the global information solutions company, criminals exploited a website application vulnerability to gain access to certain files from mid-May through July 2017, although the company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," said Chairman and Chief Executive Officer, Richard F. Smith. He continued saying, "I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will."

The information accessed primarily includes names, Social Security numbers, birth dates, addresses, and driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. Equifax discovered the unauthorized access on July 29, 2017, and promptly engaged an independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted.

To help consumers determine if their information was potentially impacted and to sign up for credit file monitoring and identity theft protection, Equifax has established a dedicated website,

Sale of shares. The Securities and Exchange Commission has released information that three executive officers sold shares totaling $1.8 million on August 1 and 2, before the company publicly reported the breach. Chief Financial Officer John Gamble sold shares worth $946,374; Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099; and Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock.

Congressional response. Responding to the security breach, House Majority Leader Kevin McCarthy (R-Calif) released a statement saying, "Our public and private institutions continue to face onslaughts that threaten our national security, economy, and privacy. Had any of these attacks taken place in the physical world there would be a national call to action. We can no longer afford to ignore these threats simply because we cannot see them. Over the years, Congress has acted to establish better communication and coordination between the government and private companies to thwart attacks. We must build on these actions and recommit to a comprehensive approach to defend against and defeat cybercriminals and terrorists."

Ranking Member of the House Financial Services Committee Maxine Waters (D-Calif) emphasized that someone has to be punished for one of the largest data breaches in the nation’s history. "Given the important role credit scores play in the lives and financial futures of hardworking Americans, Congress must diligently examine the way our credit reporting agencies are operating and impose additional statutory and regulatory reforms to protect the integrity of the country’s credit reporting system." Waters has previously sought reform of the credit report system (see Banking and Finance Law Daily, May 20, 2016).

Financial Services Committee Chair Jeb Hensarling (R-Texas) announced that the committee will hold a hearing on this "troubling" data breach. "Large-scale security breaches are becoming all too common. Every breach leaves consumers exposed and vulnerable to identity theft, fraud and a host of other crimes, and they deserve answers," said Hensarling.

Preventing identity theft. In the wake of such a troubling event, U.S. PIRG is seeking to inform U.S. consumers about how they can prevent identity thieves from opening new credit accounts in the first place. When consumers place a credit freeze on their account at all three national credit bureaus, potential creditors are prevented from seeing their credit history, without which new accounts are typically not opened.

Companies: Equifax Inc.; U.S. PIRG
