March 01, 2018

Warren Statement on Equifax Disclosure of 2 Million More Americans Affected by Massive Data Breach

Washington, DC - United States Senator Elizabeth Warren (D-Mass.) released the below statement in response to Equifax identifying 2.4 million more people affected by its massive data breach than initially reported:

"I spent 5 months investigating the Equifax breach and found the company failed to disclose the full extent of the hack. Today, Equifax acknowledged that 2.4 million more people were affected than initially reported and that driver's license information was also stolen. Equifax can't be trusted. Their mistakes allowed the breach to happen, their response has been a failure, and they still can't level with the public," said Senator Warren. "Enough is enough. We have to start holding the credit reporting industry accountable. I have a bill with Senator Warner that would impose massive, mandatory penalties when companies like Equifax expose millions of Americans' personal information. If we want to prevent another Equifax breach, the Senate should pass it."

Background on Senator Warren's work on Equifax:

Senator Warren has repeatedly pressed Equifax on the extent of the breach. She also launched an investigation and released a 5-month investigative report on Equifax's failure to disclose the full extent of their massive breach. After the Senator's report, the Wall Street Journal revealed that hackers accessed data such as tax identification numbers, email addresses, and drivers' license information beyond what the company originally disclosed - confirming Equifax neglected to disclose the full extent of the data breach to the United States Congress and the American public.

Following her report and the WSJ story, Senator Warren sent another letter to Equifax calling on them to clarify the conflicting and confusing information they've provided about the extent of their data breach.

In January, Senators Warren and Warner introduced legislation to impose massive, mandatory penalties for security breaches from credit reporting agencies. Under this legislation, Equifax would have paid at least $1.5 billion in penalties.