August 14, 2019

Senator Warren Requests FTC Inspector General Investigation of the Agency's Misleading Equifax Settlement Descriptions

FTC did not advise consumers affected by the Equifax breach of the likely reduction of their settlement payments.

Washington, DC - United States Senator Elizabeth Warren (D-Mass.) sent a letter to the Federal Trade Commission (FTC) Inspector General (IG) Andrew Katsaros requesting an investigation into the agency's misleading description of the Equifax settlement. The FTC told the public in its July 2019 "Equifax Data Breach Settlement" web posting that once the claims process begins, consumers can request either "free credit monitoring OR $125." However, after millions of consumers flooded the site and requested a cash payment, the FTC is now telling them that "each person who takes the money option is going to get a very small amount(,) (n)owhere near the $125 they could have gotten if there hadn't been such an enormous number of claims filed."

On September 7, 2017, Equifax revealed that the company had exposed the sensitive personal information of more than 145 million Americans in one of the largest and most consequential data breaches in U.S. history. On July 22, 2019, the FTC announced that Equifax had agreed to pay between $575 and $700 million in a global settlement with the FTC, Consumer Financial Protection Bureau (CFPB), and state attorneys general. The settlement includes $300 million for a fund "to provide affected consumers with credit monitoring services," as well as an additional $125 million if the initial payment "is not enough to compensate consumers for their losses."

In a website post the same day as the settlement, entitled "Equifax Data Breach Settlement," the FTC stated that once the claims process began, consumers could request either "free credit monitoring OR $125." In an infographic published soon after the settlement, the FTC said consumers could "sign up for free credit monitoring for up to 10 years OR get a cash payment of $125." These pages did not inform consumers that the cash payment is subject to - and in fact, very likely to face - severe reduction. This is because the $31 million set aside for compensation would pay only 248,000 individuals the maximum of $125 - less than 1% of the 145 million individuals affected by the breach.

"The FTC has the authority to investigate and protect the public from unfair or deceptive acts or practices, including deceptive advertising," wrote Senator Warren. "Unfortunately, it appears as though the agency itself may have misled the American public about the terms of the Equifax settlement and their ability to obtain the full reimbursement to which they are entitled."
To determine how the FTC made a series of decisions that will result in millions of Americans receiving only a small portion of the $125 previously promised due to Equifax's failures, Senator Warren asks that the FTC IG conduct an investigation into the terms and FTC's public description of the settlement with Equifax.

In the aftermath of the massive Equifax breach in 2017, Senator Warren opened an investigation into the causes of the breach and the company's response, and since then, has taken numerous actions to address data security problems, improve federal oversight of financial institutions, and better protect consumers:

  • Senator Warren recently pressed Capital One in August 2019 regarding the massive data breach revealed earlier this month that compromised sensitive personal information of over 100 million Capital One customers.
  • In June 2019, Senators Warren and Wyden, and Chairman Cummings released a Government Accountability Office (GAO) report identifying significant gaps in the federal government's treatment of citizens' personally identifiable information.
  • In May 2019, Senator Warren and Chairman Cummings reintroduced the bicameral Data Breach Prevention and Compensation Act with Senator Mark Warner (D-Va.) and Representative Raja Krishnamoorthi (D-Ill.) to hold large credit reporting agencies (CRAs) accountable for data breaches involving consumer data.
  • In April 2019, Senator Warren introduced the Corporate Executive Accountability Act, legislation that would make executives of big corporations criminally liable if their companies commit crimes, harm large numbers of people through civil violations, or commit new violations while under the supervision of the court or a regulator for a previous violation. The bill would make it easier to send executives to jail who are found liable or enter a settlement with any state or Federal regulator for the violation of any civil law if that violation affects the health, safety, finances, or personal data of 1% of the American population or 1% of the population of any state.
  • Senator Warren and Chairman Cummings released two additional GAO reports, prepared at their request, detailing how hackers exploited significant vulnerabilities at Equifax to gain access to the sensitive personal information of more than 145 million Americans and recommending stronger consumer protection efforts to prevent another Equifax disaster. GAO recommendations were incorporated into the lawmakers' 2019 bill.
  • Senator Warren released the first comprehensive review of consumer complaints in the wake of the breach, revealing that the CFPB received more than 20,000 consumer complaints following the Equifax breach.
  • In March 2018, on the 10th anniversary of the collapse of Bear Stearns, which marked the beginning of the financial crisis, she introduced the Ending Too Big to Jail Act, a bill that would make it easier to bring criminal charges against bank executives whose organizations defraud consumers.
  • Senator Warren unveiled a 15-page report in February 2018 containing the findings of a four-month long investigation into how Equifax failed to protect the personal data of more than 145 million Americans.