Oversight Dems Press Equifax to Provide At Least Three Years of Identity Theft Protection

Feb 20, 2018
Press Release

Oversight Dems Press Equifax to Provide

At Least Three Years of Identity Theft Protection

 

Company’s Own Top IT Official Agrees That Current One Year Plan

Won’t Adequately Protect Consumers After Massive Breach

 

Washington, D.C. (Feb. 20, 2018)—Today, all of the Democratic Members of the House Committee on Oversight and Government Reform, led by Ranking Member Elijah E. Cummings, sent a letter pressing Equifax to provide at least three years of credit protection and identity theft services to the millions of consumers impacted by the company’s massive data breach last year.

“We are writing to request that you extend from one year to at least three years the credit protection and identity theft services you are providing to victims of last year’s massive data breach at Equifax, particularly since your own top IT official warned that one year of protection is inadequate,” the Democrats wrote.

During a briefing for Committee staff on October 19, 2017, Equifax’s Chief Information Security Officer explained that criminals who steal sensitive data are unlikely to disseminate it when law enforcement is actively searching for it.  He also stated that these cyber criminals would likely wait a year or more before attempting to sell this data on the black market.

Leading experts and consumer advocates have also warned that one year of protection is insufficient:

  • The Federal Trade Commission cautioned that Equifax’s credit monitoring “lasts only one year and the threat of identity theft relating to the breach is likely to last a lot longer than that.”
  • Consumers Union warned that “the risks to consumers due to this breach are not limited to one year—data exposed to hackers could be used to open fraudulent accounts several years in the future.” 
  • The U.S. Public Interest Research Group explained that one year of credit monitoring is inadequate since the “stolen information does not have a shelf life.”
  • The Office of Personnel Management (OPM), after its own systems were hacked in 2015, provided “credit monitoring, identity monitoring, identity theft insurance, and identity restoration services for a period of three years,” and Congress later extended protection to ten years.

“Given the sensitive nature of the personal information that was stolen—and the ability of criminals to store and use that information for years to come—we believe that the millions of U.S. consumers whose personal information was compromised in the Equifax data breach should receive the most robust form of credit protection and identity theft services available,” the Members wrote.

Click here to read today’s letter.

 

115th Congress