WASHINGTON – The U.S. Federal Trade Commission said on Thursday it was investigating Equifax Inc.’s massive data breach, and a top Democrat suggested the credit-monitoring company’s corporate leaders might need to resign.
Shares of Equifax fell 2.4 percent on Thursday and trading volume hit a record high. The shares have lost 32 percent since the company disclosed the hack on Sept. 7.
Senate Democratic leader Chuck Schumer compared Equifax to Enron, the U.S. energy company that filed for bankruptcy in 2001 after revelations of a widespread accounting fraud.
“It’s one of the most egregious examples of corporate malfeasances since Enron,” Schumer said, calling Equifax’s treatment of consumers “disgusting” and its inability to protect data “deeply troubling.”
FTC spokesman Peter Kaplan said that his agency normally would not comment on an Equifax probe. “However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach,” he said in an email statement.
The company has tangled with the FTC over consumers’ efforts to correct errors in credit reports. In 2012, it settled FTC allegations that it had improperly sold data on consumers who were behind on their mortgages.
Schumer said Equifax’s chief executive officer and board might need to resign if the company does not take concrete steps within the next week to protect consumers.
“We need to get to the bottom of this — the very bottom, the murky bottom, the dirty bottom,” he said.
Equifax CEO Richard Smith has agreed to testify on Oct. 3 before a U.S. House of Representatives panel.
The Federal Bureau of Investigation has opened an investigation into the breach, and nearly 40 states have joined a probe of Equifax’s handling of the situation.
Equifax did not respond to requests for comment. The company, which disclosed the breach more than a month after it learned of it on July 29, said at the time that thieves may have stolen the personal information of 143 million Americans in one of the largest hacks ever.
On Thursday, at least three bills were introduced in response to the hack. Four Democratic senators, including Ed Markey of Massachusetts, sponsored legislation that would require Equifax and other data brokers to be held accountable for errors.
“This bill requires data brokers to put in place comprehensive privacy and data security programs so that consumers in Massachusetts and throughout the country do not experience another Equifax,” Markey said.
Confirming what many cybersecurity experts expected, Equifax said late on Wednesday that hackers used a flaw in its open-source Struts software, distributed by the nonprofit Apache Software Foundation, to break into its systems. A patch for the vulnerability was issued in March, two months before Equifax said hackers began siphoning data.
The decision to not install that patch was “beyond troubling,” said U.S. PIRG, a grassroots advocacy group which has recommended that consumers put freezes on their credit.
Consumers Union sent a letter to Equifax’s chief executive, saying the company’s response to the massive breach was “wholly inadequate.”
Consumers Union urged Equifax to pay for credit freezes for consumers, give free extended credit monitoring, provide details about the breach and create a fund to compensate consumers who were harmed when their data was exposed.
Cowen Group said in a report that Equifax could reduce the public pressure on it by acting quickly to make management changes and help consumers who were harmed by the breach.
In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.