March 26, 2019

Warren, Cummings Release GAO Report Recommending Stronger Consumer Protections to Prevent Another Equifax Breach

GAO warns that the Equifax breach revealed "higher risks to consumers" from the consumer credit reporting industry; vulnerabilities spur calls for stronger consumer privacy protections

Report (PDF)

Washington, DC - United States Senator Elizabeth Warren (D-Mass.) and Chairman of the House Oversight and Reform Committee Elijah Cummings (D-Md.) today released the findings of a Government Accountability Office (GAO) report, entitled "Actions Needed to Strengthen Oversight of Consumer Reporting Agencies."  

The lawmakers requested this GAO report on September 15, 2017, eight days after Equifax publicly announced that the company had allowed a massive data breach that ultimately affected over 145 million Americans.

This is the second GAO report on the Equifax breach requested by Sen. Warren and Chairman Cummings; the first, released in August 2018, revealed significant failures by Equifax that were exploited by the hackers. This new report focuses on federal regulation of consumer credit reporting agencies (CRAs) like Equifax, and makes recommendations for actions to improve oversight and better protect consumers.

GAO recommended that the Federal Trade Commission (FTC) be given stronger civil penalty authority to enforce laws that protect consumer data, and that the Consumer Financial Protection Bureau (CFPB) improve its oversight and supervision of CRAs.  

"The Equifax breach revealed major gaps in how CRAs protect and use consumers' private information, and the report we released today confirms that vulnerabilities still exist," said Sen. Warren and Chairman Cummings. "The GAO has issued very clear recommendations on how to protect consumers, so let's follow them. We need to give the FTC more tools to crack down on consumer data abuses and the CFPB needs to do its job, hold these firms accountable, and protect consumers."

GAO concluded: "The 2017 data breach of Equifax highlighted the data security risks associated with CRAs. While companies in many industries have experienced data breaches, CRAs may present heightened risks because of the scope of sensitive information they possess and because consumers have very limited control over what information CRAs hold and how they protect it. These challenges underscore the importance of appropriate federal oversight of CRAs' data security."

Warren and Cummings released the report in advance of a hearing of the House Oversight and Reform Subcommittee on Economic and Consumer Policy, chaired by Representative Raja Krishnamoorthi (D-Ill.), to examine GAO's recommendations, as well as efforts by the FTC and the CFPB to oversee consumer reporting agencies' handling of consumer data.