In the wake of a data breach of Equifax that could impact 143 Americans, the House Energy & Commerce Committee has promised to hold a hearing.
That came after the committee received a briefing from Equifax.
No date was set, but the committee said it would continue to get updates from Equifax and work with leadership on timing.
“This unprecedented data breach could impact tens of millions of Americans and raises serious questions about the security of our personal information online," said Committee Chairman Greg Walden (R-Ore.). "After receiving an initial briefing from Equifax, I have decided to hold a hearing on the matter so that we can learn what went wrong and what we need to do to better protect consumers from serious breaches like this in the future."
The data broker revealed Thursday (Sept. 7) the "cybersecurity incident" that it said potentially impacted about half the population.
The information involved included "names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers," said the company, adding: "In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed."
The company said it discovered the breach on July 29 and immediately took steps to stop the breach and reported it to law enforcement. It also said there was no evidence that the breach involved its "core consumer or commercial credit reporting databases."
In the wake of the breach, Sen. Mark Warner (D-Va.), co-founder of the Senate Cybersecurity Caucus, said Congress might need to rethink cybersecurity policies in the wake of a data breach of Equifax, one of the largest data brokers in the U.S.
The promised House hearing comes as concern grows over the breach.
“This data breach is one of the most alarming we’ve seen. The number of Americans impacted is enormous. I am deeply concerned that Equifax seems to be charging victims for services to identify and protect themselves from damages relating to the breach," said Maryland Attorney General Brian Frosh. "It would compound the outrage if Equifax was profiting from its failure to maintain safely all of the data in its charge.
“My office has reached out to Equifax and is seeking answers to understand the circumstances that led to the breach. Equifax must disclose the reasons for the apparent delay between the breach and the company’s public announcement, what protections the company had in place at the time of the breach, and why it appears to be attempting to profit from its own negligence." Equifax sells an identity theft monitoring service, TrustedID.
"Equifax. Verizon. Yahoo. eBay. What we see is nearly weekly evidence that leading corporations are not practicing proper IT Asset Management (ITAM) to protect sensitive consumer information," said Dr. Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers. "We know how to prevent these breaches and secure equipment, software, websites and apps. There is just no excuse for this sort of thing to go on."
Last week, House Energy & Commerce Committee Democrats sent a letter to the GAO urging it to do more to monitor whether credit monitoring services provide effective consumer protections.