FTC, Congress, States Investigating Equifax Over Data Breach

The U.S. Federal Trade Commission and a powerful Congressional committee are investigating the data breach at Equifax Inc., deepening government scrutiny of the cyber attack that may have compromised the privacy of 143 million U.S. consumers.

The probes by the FTC and the House Oversight Committee, made public Thursday, add to a string of state and federal investigations into the cyber attack that has reverberated across Washington, triggered public outrage and sent the company’s shares to their lowest level since February 2016.

The House Oversight Committee is seeking documents and a briefing from Equifax as part of an investigation, according to a letter sent Thursday by the committee’s chairman, Trey Gowdy of South Carolina, to Chief Executive Officer Richard Smith. The House Committee on Science, Space and Technology is also investigating.

The Oversight Committee, which has broad subpoena power, is interested in the implications of the breach “for the federal workforce and national security,” according to the letter.

Senate Minority Leader Chuck Schumer said Thursday that Equifax “stunningly and epically” failed to protect people’s sensitive information. In a speech on the Senate floor, he called the data breach “one of the most egregious examples of corporate malfeasance since Enron.”

“We need to get to the bottom of this, the murky bottom, the dirty bottom,” he said.

Shares Plunged

Equifax dropped as much as 9.5 percent and closed down 2.4 percent to $96.66. The shares have plunged 32 percent since the company disclosed the hack on Sept. 7.

Businesses Need Cyber Insurance Against Government: Kroll Executive

“The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach,” Peter Kaplan, an agency spokesman, said by email on Thursday.

New York’s banking regulator, the Department of Financial Services, is reviewing the hack for possible violations of state law, Bloomberg BNA reported on Wednesday. DFS supervises banks and insurers licensed in the state and also put cybersecurity rules into effect this year.

Several state attorneys general are also conducting probes. The Consumer Financial Protection Bureau, which has the authority to monitor credit-reporting companies, has said it’s looking into the breach and how the company has responded.

FTC Authority

The FTC has authority to examine whether Equifax’s data security practices were reasonable and whether the company was living up to representations it made about how secure the data was. The commission typically investigates whether a company’s data security measures were appropriate in light of the sensitivity and volume of the consumer information it holds, the size of its business, and the cost to reduce vulnerabilities, according to the agency.

More than one-third of U.S. senators want the Securities and Exchange Commission and the Justice Department to examine whether Equifax managers violated insider-trading laws when they sold stock days after the company found out it was hacked.

Equifax announced last week that hackers had gained access to sensitive data including Social Security numbers, drivers license records and birth dates. The company is among a handful of firms that control data such as credit histories that banks rely on to issue loans.

Related: