How Equifax Neglected Cybersecurity and Suffered a Devastating Data Breach: Data Breach Notification Standards, Federal Government's Role in Sharing Information on Cybersecurity Threats

This Congressional report has been professionally converted for accurate flowing-text e-book format reproduction.

The effects of data breaches are often long-lasting and challenging to reverse. Victims who have had their sensitive personal or financial information stolen by hackers can be left with years of expense and hassle. No type of entity or sector of the economy has been immune to data breaches. In 2018 alone, Google+, Facebook, Ticketfly, T-Mobile, Orbitz, Saks, Lord & Taylor, and Marriott all announced significant breaches. The importance of protecting personally identifiable information ("PII") grows with every successive data breach.

The information collected by consumer reporting agencies ("CRAs") to compile credit reports is one example of PII that must be protected. This information includes a consumer's name, nicknames, date of birth, Social Security number, telephone numbers, and current and former addresses. Credit reports also typically include a list of all open and closed credit accounts, account balances, account payment histories, and the names of creditors. The information tells the story of a consumer's financial life and can determine whether they can rent an apartment, buy a car, or qualify for a home loan. If stolen, criminals can use it to do significant financial harm. The steps CRAs take to safeguard consumers' credit histories are extremely important. If that information is compromised, consumers should know to be on heightened alert to monitor their finances and mitigate any potential damage.

In 2017, one of the largest CRAs, Equifax Inc. ("Equifax") announced that it had suffered a data breach that involved the PII of over 145 million Americans. The Subcommittee investigated the causes of this breach to identify ways to prevent future incidents of this scope. The Subcommittee also reviewed the efforts of Equifax's two largest competitors, Experian plc ("Experian") and TransUnion LLC ("TransUnion"), in responding to the vulnerability that ultimately led to the Equifax data breach.

This compilation includes a reproduction of the 2019 Worldwide Threat Assessment of the U.S. Intelligence Community.

Dettagli