Dem bill would fine credit agencies for breaches
Congressional Democrats on Tuesday reintroduced legislation which would impose fines on credit reporting agencies for compromising customer data, a response to the massive Equifax breach.
The Data Breach Prevention and Compensation Act, unveiled ahead of a Senate Banking Committee hearing on data privacy, would require credit reporting agencies to pay $100 for each consumer whose personal data is compromised in a breach.
The bill was offered by Sens. Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) in the upper chamber, and House Oversight and Reform Committee Chairman Elijah Cummings (D-Md.) and Rep. Raja Krishnamoorthi (D-Ill.) in the lower chamber.
Warren’s office estimated that if the bill was in place in 2017, credit reporting company Equifax would have been required to pay at least a $1.5 billion penalty.
The bill, which did not see action in the last Congress, would establish an Office of Cybersecurity at the Federal Trade Commission (FTC) to conduct regular inspections of the cyber practices at credit reporting agencies. It would also enhance the FTC’s enforcement capabilities against credit reporting agencies by giving the agency civil penalty authority under the Gramm-Leach-Bliley Act, a law that requires financial institutions to explain how they share and protect customer data.
The Democrats behind the bill also unveiled a new report which found that consumers have made over 52,000 complaints with the Consumer Financial Protection Bureau (CFPB) since the Equifax breach. The report found that the number of complaints filed against Equifax in the months after the breach nearly doubled from the amount reported in the same period prior to the incident.
The Equifax data breach resulted in hackers gaining access to the personal information of an estimated 143 million Americans, including Social Security numbers, passport numbers and birth dates.
Copies of the report were sent to both the both the FTC and the CFPB, with lawmakers asking both agencies to “hold Equifax accountable for the 2017 breach without delay.”