March 07, 2019

Senator Hassan Grills Equifax Executives on Massive Data Breach

WASHINGTON – Senator Maggie Hassan today, during a Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations hearing, grilled Equifax executives on their company’s negligence in handling the sensitive data of millions of Americans. The hearing follows the release of the subcommittee’s bipartisan report, which found that Equifax blatantly disregarded procedures that could have protected their customer’s data from one of the largest data breaches in American history.

Following the Equifax data breach in July of 2017, Senator Hassan questioned former and current Equifax executives about the company’s responsibility to adequately notify and remediate the damages done to consumers due to data breaches. She also joined a group of her colleagues in calling for the Federal Trade Commission (FTC) to immediately review data security not only at Equifax, but also at the other two major consumer reporting agencies, Experian and TransUnion.

See below for coverage from the Washington Post:

Washington Post: Senators slam Equifax, Marriott executives for massive data breaches

By Tony Romm

Members of Congress sharply rebuked Equifax and Marriott on Thursday for failing to protect people’s personal data and prevent two of the largest security breaches in U.S. history, putting hundreds of millions at risk.

At a Senate hearing featuring both organizations’ top executives, Democrats and Republicans alike said Equifax, a credit-reporting bureau, and Marriott, a hotel chain, each had failed to implement basic defenses against sophisticated hackers -- and that Equifax repeatedly did not patch known security holes or store key data in a way that was hidden from digital malefactors.

[…] Mark Begor, the chief executive of Equifax, who arrived at Equifax after the breach, stressed the credit-reporting firm had invested more heavily in security since the 2017 attack. But he also defended his company’s early security practices. “There were controls in place,” he told lawmakers. “They clearly weren’t strong enough.”

The answers left lawmakers unsatisfied -- and convinced that only through tough, new federal rules would Equifax and other companies truly improve their digital defenses.

“I understand you’re doing things, but you’re doing things after a major breach,” said Democratic Sen. Maggie Hassan (N.H.). “And what I want to make sure that Americans -- whose information is in the custody of an entity they may not even know anything about -- don’t have to wait for there to be a breach before companies start doing what they should responsibly do.”

“This is an ongoing threat,” she continued. “It’s been an ongoing threat for a while. And we need to make sure there are standards in place, just the way we have safety standards for other industries.” […]