September 22, 2017

Senator Warren Expands Equifax Investigation with Three New Information Requests

Requests SEC Investigation into Misleading Investor Disclosures, Additional Information from Equifax Board on Compensation Clawbacks, and Details of DHS US-CERT Notification

Text of the letter to SEC (PDF)
Text of the letter to Equifax Board of Directors (PDF)
Text of the letter to DHS (PDF)

Washington, DC - U.S. Senator Elizabeth Warren (D-Mass.) today expanded her investigation into the causes of the recent Equifax breach, the company's response, and possible next steps to address problems at credit reporting agencies and better protect consumers. The Senator wrote to the Chairman of the Securities and Exchange Commission (SEC), Equifax's Board of Directors, and the Department of Homeland Security (DHS), to request additional information as she continues her investigation.

Senator Warren urged SEC Chairman Jay Clayton to investigate whether Equifax violated federal securities laws that prohibit public companies from misleading investors. The Senator noted that despite discovering the breach on July 29th and retaining a cybersecurity firm to investigate it four days later, Equifax failed to disclose those material facts during an investor presentation on August 16th.  "Investors who believed Equifax's August 16th presentation was complete and accurate would have suffered enormous losses if they decided to invest in the company on the basis of the presentation," wrote Senator Warren. Equifax's share price has dropped more than 30% since its investor presentation and subsequent announcement of the breach on September 7th.

In a letter to Mr. Robert D. Marcus, Chairman of the Compensation Committee of the Equifax Board of Directors, Senator Warren and Senator Catherine Cortez Masto (D-Nev.) requested details on the rationale and financial consequences of the retirement, roughly a week after the Equifax data breach was reported, of two Equifax executives who had direct responsibility over data security.  The Senators also requested information about Equifax's clawback policy, and whether the company would invoke it to recover incentive compensation from the two executives.

In a third letter, Senator Warren wrote to DHS Acting Secretary Elaine Duke, and the Department's Acting Deputy Undersecretary of Cybersecurity, about reports that the United States Computer Emergency Readiness Team (US-CERT) warned Equifax, months before it occurred, about the exact vulnerabilities exploited during the breach. Equifax appears to have failed to address the vulnerabilities despite US-CERT's notification.  "I am deeply concerned about Equifax's failure to address the vulnerability US-CERT identified," wrote Senator Warren.  "Companies like Equifax that collect massive amounts of data on millions of Americans should have the most robust data security practices.  At a minimum, that means addressing clearly identified cybersecurity threats as quickly as possible." The Senator asked DHS to provide additional information about US-CERT's warnings to Equifax and the company's response.

These letters are the second phase of an investigation launched last week by Senator Warren. Following the breach and Equifax's delayed and lackluster response, Senator Warren initially sent letters to Equifax; to the other two large credit reporting agencies (TransUnion and Experian); to the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) on oversight actions prior to and following the breach; and to the Government Accountability Office to request a thorough investigation into consumer data security of credit reporting agencies.

Senator Warren has also introduced the Freedom from Equifax Exploitation (FREE) Act to give control over credit and personal information back to consumers. The legislation would allow consumers to freeze and unfreeze access to their credit file for free.  It would also prevent credit reporting agencies from profiting off of consumers' information during a freeze, enhance fraud alert protections, and provide the opportunity for consumers to receive an additional free credit report following the Equifax data breach.  Finally, the bill would force Equifax and the other credit reporting agencies to refund any fees they charged for credit freezes in the wake of the Equifax data breach.








Photo Credit: Blogtrepreneur, Licensed under Creative Commons.