Sen. Mark Warner (D-Va.) says Congress may need to rethink cybersecurity policies in the wake of a data breach of Equifax, one of the largest data brokers in the U.S.
The company revealed Thursday (Sept. 7) a "cybersecurity incident" that it said potentially impacted 143 million consumers, or about half the population.
The information involved included "names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers," said the company, adding: "In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed."
The company said it discovered the breach on July 29 and immediately took steps to stop the breach and reported it to law enforcement. It also said there was no evidence that the breach involved its "core consumer or commercial credit reporting databases."
That was cold comfort for Warner.
“The recent news that one of the largest credit reporting agencies and data brokers in the U.S. suffered a breach involving over 143 million Americans is profoundly troubling," said Warner, co-founder of the Senate Cybersecurity Caucus. "While many have perhaps become accustomed to hearing of a new data breach every few weeks, the scope of this breach – involving Social Security Numbers, birth dates, addresses, and credit card numbers of nearly half the U.S. population – raises serious questions about whether Congress should not only create a uniform data breach notification standard, but also whether Congress needs to rethink data protection policies, so that enterprises such as Equifax have fewer incentives to collect large, centralized sets of highly sensitive data like SSNs and credit card information on millions of Americans."
He said the breach threatened the economic security of Americans.
Warner has been pushing for legislation establishing a uniform breach notification standard requiring "timely consumer notification" of breaches of financial and other sensitive data.