Equifax CEO and Chairman Richard Smith may be gone, but consumer and government criticism and scrutiny of the credit-reporting giant’s massive cyberbreach continues to mount.
At least one sign of potential new government action against Equifax surfaced within hours of the company’s leadership shakeup. Federal Trade Commission responses to questions from Sen. Mark Warner, D-Va. signaled that the cyberbreach could prompt sanctions against the company, which is operating under an FTC consent decree related to improper handling of consumer information.
The federal regulator said it is “considering whether any FTC order covers the practices at issue and, if so, what remedies may be available. A party that is found to have violated an FTC order may be subject to contempt sanctions and civil penalties.”
Separately, Equifax also faces:
- An investigation by the Consumer Financial Protection Bureau, which January ordered Equifax and TransUnion, two of the three largest U.S. credit-reporting firms, to pay $23.1 million collectively in consumer restitution and fines for deceptions about the usefulness and true cost of credit sold to consumers.
- A lawsuit filed last week by the Massachusetts Attorney General’s office that alleges the company knew about electronic vulnerabilities yet failed to protect consumer data. The New York Attorney General’s office is conducting a similar investigation.
- First-ever regulations of the company and other credit-reporting firms by the New York Department of Financial Services. The regulations require the companies to meet cybersecurity standards and empower the agency’s superintendent to refuse to renew their registrations in some cases.
- Scheduled and expected hearings on Capitol Hill. The proceedings include a Tuesday hearing by the House Subcommittee on Digital Commerce and Consumer Protection. Smith is expected to testify and answer questions about the cyberbreach.
Most congressional action so far has focused on getting Equifax’s explanations of how the cyberbreach occurred, details on electronic safeguards the company had in place, and what the company plans to do besides the offer of free credit monitoring and identity-theft protection.
Rep. Greg Walden, R-Oregon, who chairs the House Committee on Energy and Commerce, acknowledged the possibility of new federal regulations in a recent CNBCinterview about Equifax. But he also sounded a cautionary note about over-regulating, citing a need to “get the facts first, the policy second, but always put the consumer ahead of both.”
Smith, 57, a 12-year Equifax veteran, bowed out Tuesday amid the continuing fallout from its Sept. 7 disclosure that hackers executed an electronic attack that compromised personal data for 143 million Americans — nearly half the U.S. population.