WASHINGTON – Financial Services Committee Chairman Jeb Hensarling (R-TX) delivered the following opening statement at today’s hearing to examine the Equifax data breach:
On September 7, Equifax announced what it called a “cybersecurity incident” at its business that potentially affects 145 million U.S. consumers, nearly half of all Americans. In other words, if you are hearing my voice, you are either the victim of the breach or you know someone who is. That’s how massive this breach was. The criminals got basically everything they need to steal your identity, open credit card accounts in your name and cause you untold frustration and financial calamity.
This may be the most harmful failure to protect private consumer information the world has ever seen.
The company’s response to this breach has left much to be desired. For weeks Equifax failed to disclose the breach to consumers and its shareholders. It provided confusing information about whether people were victims of the breach or not. And beyond belief, senior executives sold their Equifax shares after the company knew of the breach and before the company disclosed the breach. I trust the Justice Department and the Securities and Exchange Commission will get to the bottom of this.
Clearly, action by the Federal Trade Commission, the Consumer Financial Protection Bureau and potentially other regulators is required. Congress must ensure that federal law enforcement and federal regulators do their jobs so justice can be served and victims are made whole. We must thoroughly examine if our agencies and statutes like Gramm, Leach, Bliley; the Fair Credit Reporting Act; and UDAAP are up to the job.
In this era of big data, large-scale security breaches unfortunately are becoming all too common. The increasing frequency and sophistication of cyberattacks demands heightened vigilance and enhanced efforts to safeguard consumers.
Protecting consumers starts with requiring effective measures to prevent data breaches in the first place.
Given the federal government’s own poor track record when it comes to protecting personal information – witness the SEC and the OPM hacks as two recent examples – we must be cautious about attempts to “never let a good crisis go to waste” and impose a Washington-forced technology solution. That may be antiquated as soon as it is imposed. However, we do need a consistent national standard for both data security and breach notification in order to better protect our consumers, hold companies accountable and assure that this affair does not repeat itself.
Our committee passed such legislation nearly two years ago – the bipartisan Data Security Act. The need to revisit that legislation and, where necessary, improve upon it should be obvious to all. The status quo is failing consumers and leaving them extremely vulnerable.
So I look forward to working with all members on both sides of the aisle and working with the administration to ensure that Americans across the country will be protected and no longer have to lose sleep over the kind of breaches we are discussing today.###