Equifax failed to offer basic security, senator says

Equifax (EFX) ignored warnings ahead of a massive security breach of data on more than 145 million Americans, then failed to quickly inform consumers, regulators and investors afterwards. That's according to a report from Sen. Elizabeth Warren, D-Massachusetts, who's calling for "real consequences" when credit reporting agencies "screw up."

The missive by Warren, a vocal critic of banks and other Wall Street entities, comes days after Reuters reported that the Consumer Financial Protection Bureau, or CFPB, had put a probe of the Equifax breach "on ice." Started by former CFPB Director Richard Cordray, the agency's efforts regarding Equifax have derailed under its new head, Mick Mulvaney, the wire service reported.

"Equifax set up a flawed system to prevent and mitigate data security problems, ignored numerous warnings of risks to sensitive data, failed to notify consumers, investors, and regulators about the breach in a timely fashion, took advantage of federal contracting loopholes and failed to protect IRS taxpayer data, and inadequately assisted consumers following the breach," a four-month investigation found, according to a news release.

"The American public deserves answers -- and Mick Mulvaney needs to let the CFPB do its job and investigate Equifax's massive data breach, not shut it down," stated Warren.

The agency in September disclosed that millions of Equifax' U.S. customers had their personal information compromised from mid-May through July 2017. During the roughly six weeks it took for Equifax to make its public announcement, three executives reportedly sold almost $2 million in Equifax shares.

An Equifax spokesperson said Warren's report offered nothing especially new and, therefore, the company had nothing further to add, other than it did want to correct the notion that passports had been affected. It said there was no evidence that was the case.

Barring another credit bureau breach, it's unlikely Equifax and its peers will face tougher regulation favored by Democrats including Warren, said Jaret Sieberg, an analyst at Cowen. 

In her report, the senator noted that no single federal agency has authority to establish cybersecurity requirements and monitor whether companies adhere to the standards. Congress, she said, should empower the Federal Trade Commission to do both, a point Sieberg took note of: "We suspect we will see Democrats increasingly looking to using the FTC over the CFPB while Mulvaney remains in charge."