With her frequent scowl and no-nonsense tweets, California Rep. Maxine Waters is usually outraged about something. But she was right to really zero in – “Auntie Maxine”-style – on Equifax, the credit rating company that exposed the personal information of 143 million Americans, and then waited a month and a half to say anything.
“This hack into sensitive information compiled and maintained by Equifax is one of the largest data breaches in our nation’s history and someone has to be held accountable,” she said last Thursday, making the Los Angeles Democrat among the first in Congress to call out the company.
Since then, multiple federal investigations have been launched, and a class-action lawsuit has been filed. On Monday, the top Republican and the Democrat on the Senate Finance Committee sent Equifax angry letter demanding an explanation. So did Democrats on the House Energy and Commerce Committee. Hearings are planned. Some have mentioned jail time.
Indeed, we all should be outraged.
Equifax is among a handful of loosely regulated companies that manage Americans’ credit histories, which banks use to determine loans. By exposing people to identity theft, it’s likely many will become unwitting victims of fraud. Millions could run into trouble buying a car or renting an apartment. In California in particular, where the poverty rate is sky-high, that could be devastating.
And yet, since reporting the data breach last Thursday, Equifax has been infuriatingly and inexcusably close-lipped. The Atlanta-based company has refused to release even the most basic details about what happened, offering only a vague explanation about an investigation being under way and that there was “no evidence of unauthorized activity on our core consumer or commercial credit reporting databases.”
Equifax’s initial “remedy” included an attempt to trick victims into agreeing not to sue. Only after an uproar did the company agree to temporarily waive fees for people who want to put a freeze on their credit, keeping would-be identity thieves at bay. Before that, consumers were expected to pay for the privilege.
Plus, three Equifax executives made a profit by selling company shares after the breach was discovered in July, but weeks before it was announced.
By Tuesday, CEO Richard F. Smith was no doubt feeling the heat and finally issued a mediocre mea culpa for the way Equifax carelessly exposed the Social Security numbers, birth dates and driver’s license numbers of millions of Americans.
“Our top priority is doing everything we can to support affected consumers,” he wrote. “Our team is focused on this effort and we are engaged around the clock.”
Talk about too little, too late. This is the same man who, just last month after he presumably knew about the data breach, told the Atlanta Business Chronicle that trustworthy and admired CEOs like himself practice “transparency, candor, consistency and humility.”
We deserve more from a company that holds the futures of middle-class Americans in its databanks. Substantial reforms must follow any investigation of Equifax. Congressional Democrats are wisely pushing for tougher federal protections on digital privacy, giving companies a timeline to notify customers when breaches happen.
In the past, such efforts have devolved into partisan squabbling. And this time around, there’s likely to be pushback from the Trump administration, which has vowed to slash, not add, financial regulations. But after Equifax, for nothing to change on Capitol Hill would be the real outrage.