Thursday, December 21, 2017
ICBA Urges Collaboration on Data Breach Legislation
Washington, D.C. - December 21, 2017 - (The Ponder News) -- ICBA and other financial services trade groups called on the House Energy and Commerce Committee to support data protection and consumer notification legislation.
In a joint letter, ICBA noted that during the last Congress the House Financial Services Committee approved legislation to require all entities that handle sensitive financial data to implement data-security processes like those already mandated for banks.
Like the Data Security Act of the last Congress, any data breach bill should contain robust processes for data protection and appropriate federal and state oversight, the coalition wrote.
Read Coalition Letter
See more headlines at The Ponder News Web Site
Thursday, November 30, 2017
Uber Suffers Data Breach
U.S. Senators Bill Cassidy, M.D. (R-LA), John Thune (R-SD), Orrin Hatch (R-UT), and Jerry Moran (R-KS) are seeking answers. They recently wrote the company. “The company maintains that its outside forensic experts have not seen any indication that customer trip location history, credit card numbers, bank account numbers, Social Security numbers, or dates of birth were downloaded. Nevertheless, the nature of the information currently acknowledged to have been compromised, together with the allegation that the company concealed the breach without notifying affected drivers and consumers, and prior privacy concerns at Uber, makes this a serious incident that merits further scrutiny,” stated the senators in the letter.
Senator Bill Cassidy is the chairman of the Senate Finance Committee’s Subcommittee on Social Security, Pensions, and Family Policy, which has jurisdiction over the protection of social security numbers and programs that are often targeted by identity thieves.
Wednesday, October 4, 2017
Brown: Equifax Should Spend More on Security, Less on CEO Pay
Brown called for Equifax to invest more in security and less in huge salaries for CEOs. He pointed out that Equifax spent nearly as much on Smith’s multi-million dollar salary as the company spent on cybersecurity. Since last year, Smith earned about $69 million, while Equifax spends just $85 million a year on cybersecurity.
“In hindsight, do you think Equifax should have spent more money protecting peoples’ data rather than compensating you so well?” Brown asked. “You’re an IT company. That’s just not acceptable.”
Brown also pointed out how unfair Equifax’s business model is for American consumers. Equifax makes money collecting and selling consumers’ data to other big companies. Those consumers are not compensated for the use of their data, in fact, most of the time, they don’t even know it’s being sold. Then Equifax makes even more money by forcing those same consumers to pay Equifax to protect their data after a breach occurs.
“Do you think it’s fair that Equifax gets to take consumers’ data at almost no cost, make millions by selling it to data mining companies and marketers, then charge fees to those consumers for credit monitoring products after they’ve become identity theft victims?” Brown pressed the CEO.
Brown called for consumers to have more control of their own data, similar to how Americans have ownership of their medical records. It is illegal for companies to buy and sell medical records, and patients must consent before their information is transferred. However, companies like Equifax are free to buy and sell sensitive data without people’s consent or knowledge. Brown suggested Americans should have the right to request their data be deleted from Equifax’s system or at the other consumer reporting agencies.
“If you don’t think consumers should be allowed to control their own data, why should a company that has had so many security failures be allowed to control their data? That’s the fundamental question this company hasn’t answered to the public,” Brown said.
Tuesday, October 3, 2017
Sarbanes Questions Former Equifax CEO about Consumer Data Breach
“There are three things that I think the public is angry about,” said Congressman Sarbanes. “First of all, they want to understand why there weren’t sufficient protections in place on the front end so that this kind of breach wouldn’t happen given the sensitivity of the information that you’re keeping in the company. The second thing is how quickly – once a breach was discovered – you came clean to the public and provided information on what was happening. There seems to have been a delay there that concerns people. The third is whether the services that you’re now providing people are going to be a sufficient assurance to folks going forward – that their identity can be protected, that their information is safe.”
A full video of the exchange appears below.
Monday, October 2, 2017
LUJÁN INTRODUCES LEGISLATION TO HELP CONSUMERS PROTECT THEIR CREDIT FOLLOWING A DATA BREACH
Washington, D.C. - October 2, 2017 - (The Ponder News) -- Earlier this month it was revealed that a massive data breach at Equifax Inc. had compromised the financial and personal information of more than 143 million Americans’ and exposed them to identity theft and credit card fraud. Congressman Ben Ray Luján (D-NM) today introduced legislation in the House to allow consumers to protect themselves from financial fraud at no cost. U.S. Senator Ron Wyden (D-OR), the senior Democrat on the powerful Senate Finance Committee, recently introduced a similar bill in the Senate.
Lujan’s and Wyden’s bill, known as the Free Credit Freeze Act would guarantee all consumers can use PIN numbers to freeze and thaw their credit – free-of-charge – to stop hackers and others from creating new financial accounts with stolen information. The Equifax data breach, which exposed credit information of nearly a quarter million Americans, as well as Social Security numbers, birthdates and driver’s license numbers of an estimated 143 million more people, has highlighted the vulnerabilities of large data systems and underscored the importance of credit freezes.
Currently, credit reporting agencies like Equifax, charge consumers recurring fees as high as $15 each time they use their PIN numbers to freeze or thaw their credit reports. Luján, who sits on the House Digital Commerce and Consumer Protection Subcommittee, noted that as data breaches have become more frequent, consumers need to have a reliable cost-free way to protect themselves when their sensitive personal information is compromised.
“In the 21st Century, data is currency – companies like Equifax make money through the accumulation of Americans’ most sensitive personal data, and hackers steal millions each year by pilfering this data,” said Luján. “Americans who want to protect their personal and credit information from criminals should not be charged as they take steps to guard against financial fraud – especially when those fees are being charged by the very companies who failed to protect their data in the first place. The Free Credit Freeze Act stops companies from charging consumers to protect their credit by requiring credit agencies to allow consumers to freeze their credit at no charge.”
Luján noted that as massive data breaches become more frequent, companies must do more to protect their databases from intrusion. He also said consumers need a reliable way to get information about whether their personal information was compromised and the ability to take steps to protect themselves once there is a data breach. Cybersecurity experts and the Federal Trade Commission recommend credit freezes as a dependable method of protecting against identity theft and financial fraud.
“Companies like Equifax that have stockpiled massive, insecure databases of Americans’ most sensitive personal data must make security the top priority at every single stage,” Wyden said. “Given the frequency of these mega breaches, it is simply unacceptable for the credit agencies to continue to charge hardworking Americans who want to protect their credit and their identity from fraudsters. The Free Credit Freeze Act gives power back to consumers by requiring credit reporting agencies to provide credit freezes to consumers at no cost. Thanks to Congressman Luján, the Free Credit Freeze Act now has support in both Houses of Congress.”
Days after the Equifax breach was reported, Luján and his Democratic colleagues on the Energy and Commerce Committee wrote a letter to Equifax Chairman and CEO Richard Smith seeking detailed information about how the data breach occurred, what steps Equifax is taking to make affected consumers whole, and what the company is doing to safeguard against security breaches in the future.
Among the consumer protection and advocacy organizations have endorsed the Free Credit Freeze Act are the Consumer Federation of America, and the National Consumer Law Center (on behalf of its low-income clients)
“As consumers, we can’t control how securely our sensitive personal information is held by the credit reporting agencies, but we should at least have the right to freeze that data whenever we want, at no charge, to limit the damage that can occur if it’s exposed to identity thieves,” said Susan Grant, Director of Consumer Protection and Privacy at Consumer Federation of America.
Friday, September 22, 2017
AFGE responds to ruling in OPM data breach lawsuit
Source: American Federation of Government Employees
Washington, D.C. - September 22, 2017 (The Ponder News) -- American Federation of Government Employees released the following statement:
“Two years ago, nearly 22 million current and former federal employees, job applicants, and their family members had their most personal and sensitive information stolen from the Office of Personnel Management (OPM) in one of the largest cyberattacks in U.S. history. Everyone affected deserves to see that justice is served, and that’s why the American Federation of Government Employees was the first organization to sue the federal government over the data breach.
“AFGE brought in the California law firm of Girard Gibbs, one of the nation’s leading firms in the developing area of data breach law. The firm did a great job on behalf of our members. The judge’s unfortunate decision to dismiss AFGE’s case reflects an unduly narrow view of the rights of data breach victims. OPM failed to keep our most private and sensitive information from getting into the hands of Chinese hackers. We are deeply disappointed by the judge’s ruling in favor of OPM.
“AFGE is seriously evaluating all options to challenge this decision and will continue to fight on behalf of the millions of current, future, and retired federal employees and their family members whose lives were forever disrupted by this unprecedented data breach.”
The American Federation of Government Employees (AFGE) is the largest federal employee union, representing 700,000 workers in the federal government and the government of the District of Columbia.
Friday, September 8, 2017
Brown Calls on Equifax to Remove Forced Arbitration from Credit Monitoring, Following Data Breach
Washington, D.C. - September 8, 2017 (The Ponder News) -- U.S. Sen. Sherrod Brown (D-OH) – ranking member of the U.S. Senate Committee on Banking, Housing, and Urban Affairs – is calling on Equifax to immediately remove forced arbitration from all services offered to customers following a data breach that exposed 143 million Americans to identify theft. Equifax is currently touting free credit monitoring and identify protection services for victims of the breach through its TrustedID product. However, Equifax included forced arbitration clauses in the terms of use agreement customers must agree to when signing up for the services – effectively forcing victims of the breach to sign away their rights to seek access to court.
“It’s shameful that Equifax would take advantage of victims by forcing people to sign over their rights in order to get credit monitoring services they wouldn’t even need if Equifax hadn’t put them at risk in the first place. If Equifax is genuine about wanting to protect customers, it must remove forced arbitration immediately from TrustedID and any other services offered to victims of the data breach,” Brown said. “This is just one more example why the Consumer Financial Protection Bureau’s rule banning forced arbitration is badly needed to protect the rights of working Americans.”
Many victims of the Equifax breach were likely enrolled through their credit card company or another third-party credit provider, and may not even know they are customers of Equifax.
Brown is cautioning victims of the breach to carefully read all fine print before signing up for TrustedID or other Equifax products.
The arbitration clauses contained in Equifax’s terms of use agreement to TrustedID are highlighted below. The complete agreement is available here.
U.S. SENATOR TAMMY BALDWIN CALLS FOR SENATE COMMERCE COMMITTEE TO HOLD HEARING ON EQUIFAX DATA BREACH
Washington, D.C. - September 8, 2017 (The Ponder News) -- U.S. Senator Tammy Baldwin has called on leaders of the Senate Commerce Committee to hold a hearing on the Equifax data breach.
“I write today to urge you to hold a hearing on an issue impacting the lives of millions of Americans – the recently reported data breach at Equifax, one the nation’s largest consumer credit reporting agencies,” wrote Senator Baldwin, a member of the Commerce Committee. “American consumers deserve answers about this breach and the actions of Equifax executives before this breach was made public.”
Senator Baldwin’s letter to Senate Commerce Committee Chair John Thune (R-SD) and Ranking Member Bill Nelson (D-FL) is available here