Days after a report emerged that the Consumer Financial Protection Bureau might be pulling back its probe into the Equifax data breach under acting head Mick Mulvaney, Sen. Elizabeth Warren (D-MA) is releasing a new report on the incident that left the personal information of more than 145 million Americans exposed.
In September 2017, the consumer credit reporting agency revealed that millions of its US users had had their personal information, including Social Security numbers, birthdates, and addresses, compromised from mid-May through July 2017. It took about six weeks for Equifax to publicly announcing the breach, during which time three executives sold nearly $2 million worth of the company’s shares.
Warren’s report paints a damning portrait of Equifax’s handling of the data breach before, during, and after the incident. It highlights a number of findings already uncovered in various reports on and inquiries into the Equifax data breach as well as a handful of new details.
Among the findings: The data breach included the passport numbers of an unidentified number of Equifax customers. The company failed to follow its own internal procedures during the data breach, and it hedged in its language around the hack, telling consumers data was “accessed” and not openly saying it was “exfiltrated” — stolen. And Equifax took advantage of a federal contracting loophole, the report alleges, to get a $7 million contractwith the IRS after the breach was revealed. The contract was eventually reversed.