Georgia lawmakers want Equifax probe before sanctions


The Senate’s top Democrat compared Atlanta-based credit bureau Equifax to the beleaguered company Enron on Thursday and called on Equifax’s board and CEO to step aside if they can’t commit to protecting the 143 million Americans whose personal information was compromised in a whopping data breach.

Senate Minority Leader Chuck Schumer, D-NY, called for hearings to look into the matter, demanding that Equifax officials agree to testify before his chamber, as well as the Federal Trade Commission and the Securities and Exchange Commission. He demanded that the company comply with any recommendations arising from the government probes.

Schumer said the company also needed to notify their customers who were hacked, provide credit monitoring for 10 years and remove forced arbitration provisions from their terms of use of credit products. If executives do not agree to those terms, Schumer said, CEO Rick Smith and Equifax’s board of directors should be fired.

Schumer gave Equifax until next week to comply, and compared the credit bureau to Enron, the gigantic energy company that declared bankruptcy in 2001, leaving thousands of employees with no savings because their retirement plans were based on Enron shares.

“To give Equifax a week to implement these things is overly generous to the people who did horrible stuff and then, after it happened, did nothing, virtually nothing that showed that they had remorse,” he said.

Georgia’s congressional delegation also called for answers, but tread cautiously on the matter. Most said it’s too early to pursue some of the prescriptions advocated by Democrats, and said congressional probes should move forward first before lawmakers make any decisions on new cybersecurity laws, regulations or other disciplinary actions.

“If you make those decisions before you investigate, you’re going to do the wrong thing,” said U.S. Sen. Johnny Isakson, R-Ga. “You don’t rush to judgment on Equifax. Equifax has got a lot of explaining to do, but you’ve got to give them the chance to explain before you rush to judgment.”

Representatives for Equifax did not respond to requests for comment.

Rhetoric on Capitol Hill has only grown more heated in the week since Equifax disclosed criminals hacked in to their network and exposed sensitive data, such as Social Security numbers. More than half of the nation’s adult population could be affected.

U.S. Sen. Ron Wyden, D-Ore., introduced a bill he said would guarantee all Americans the use of personal identification numbers to freeze and unfreeze their credit for free to help prevent financial fraud in the wake of the cyberattack.

One senator has called for the jailing of some top executives who traded stock before the breach was made public. Equifax has said it learned of the breach July 29, but representatives said the executives were not aware of the incident when they sold a combined $1.8 million worth of stock in early August.

Consumer lawsuits against Equifax are mounting and federal authorities are also investigating the breach and its culprits.

“Let’s get down to as much of the facts as we can and then let that guide our next actions,” said U.S. Rep. Buddy Carter, R-Pooler.

‘Equifax has got to pay’

Congress and consumer watchdogs have trashed Equifax not only for security lapses that led to the breach but for the bungled response that followed. There have been complaints that the company’s call centers are inadequate, and a website for consumers hit by the breach dispensed conflicting information.

Equifax also took heat for language in the terms of use of credit protection products it offered free for one year to victims. It appeared to force consumers to give up their rights to sue or join class actions. Equifax rescinded that language under pressure.

One of the most critical Georgia lawmakers was Democrat Hank Johnson of Lithonia, who said the hack proved the need for Congress to pass two bills he sponsored earlier this year related to data privacy and forced arbitration.

“I will continue introducing these critical bills — fighting to ensure all consumers have the tools they need to protect themselves from identity theft and have their day in court,” he said.

Many Georgia lawmakers have been boosters of the home state credit bureau in the past. The firm has donated thousands to local lawmakers in recent years. Isakson was by far its biggest recipient in 2016 as he ran for reelection.

Equifax is “a longstanding Georgia company, and we want to make sure that they come out of this standing as tall as possible,” said Atlanta Democrat David Scott. “And the way to do that is to … find out what happened and who’s responsible so that (it has) the confidence of the people.”

Scott and Isakson are members of informal House and Senate financial innovation caucuses or groups of lawmakers who say their purpose is to explore “new and innovative technologies in the payments industry and address issues concerning data security, consumer protection and electronic payments.”

Scott said he’s worried that “our lack of cybersecurity is becoming a very serious national security issue” and that some new rules may be needed to beef up enforcement.

“There’s no question about the fact that Congress needs to act here and learn from all of this,” he said.

Isakson said “failure is not an option” given that tremendous number of people affected.

“We’ve got to make sure that the credit is protected, that the information is protected and the consumers are protected,” he said, “and Equifax has got to pay for the mistake, if in fact they made it.”

Pointing fingers

Equifax and a software company have blamed each other for a glitch that allowed hackers to steal the sensitive data.

Late Wednesday, Equifax said that hackers breached a vulnerable spot in a U.S. website application called Apache Struts.

But Apache Software Foundation said in a statement Thursday that it provided and announced a patch for the software fault on March 7, well before Equifax said the security breach began in mid-May.

“In conclusion, the Equifax data compromise was due to their failure to install the security updates provided in a timely manner,” the foundation said.

The 18-year-old foundation said it is an all-volunteer organization that produced open-source Java applications for government and business users, including Fortune 100 companies.

Analysts had suspected the breach was related to the Apache Struts issue.

“At the end of the day, there’s humans building the software core … and at the end of the day there is always vulnerability,” said Dimitri Sirota, CEO of BigID, a data security firm.

MYAJC.COM: REAL JOURNALISM. REAL LOCAL IMPACT.

AJC Business reporter Russell Grantham keeps you updated on the latest news about major companies, CEOs and public utilities in metro Atlanta and beyond. You'll find more on myAJC.com, including these stories:

Never miss a minute of what's happening in local business news. Subscribe to myAJC.com.



Reader Comments ...


Next Up in Local

4th person arrested in double murder related to 1 of victims, GBI says
4th person arrested in double murder related to 1 of victims, GBI says

A fourth person has been arrested and is accused of killing his own relative in a shootout last week between more than a half dozen people in Walton County. Jotavious "Lucky" Fredrick Gunn, 19, turned himself in at the Newton County jail Sunday night, the GBI said. Gunn faces two counts of felony murder and two counts of aggravated...
Freezing start in metro Atlanta
Freezing start in metro Atlanta

Today: Cold morning. Sunny. High: 60 Tonight: Partly cloudy. Low: 32 Tomorrow: Patchy drizzle. High: 60 Don’t let the chill in the air catch you off guard Monday. “It is cold out there this morning,” Channel 2 Action News meteorologist Karen Minton said. A freeze warning issued Sunday is still in effect for much of North Georgia,...
New metro Atlanta express lanes: Traffic relief if you pay by the mile
New metro Atlanta express lanes: Traffic relief if you pay by the mile

Imagine driving 30 miles on metro Atlanta highways at the height of rush hour – and arriving at your destination in less than an hour. Imagine knowing your morning commute will consistently take 45 minutes – instead of worrying that a fender-bender will snarl traffic and make it twice as long. Imagine running late for work, but knowing...
Mother of 5 shot, killed in front of her family
Mother of 5 shot, killed in front of her family

A woman is dead and a manhunt for the father of her children is on after she was shot in front of her family in Marietta, police told Channel 2 Action News. Convicted felon Justin Cox is accused of shooting Felicia Miller, 34, Sunday and leaving her body in a vehicle parked on the driveway in the 300 block of Pin Oak Court. “Mr. Cox is believed...
The Supreme Court sets a date for Georgia’s water wars dispute
The Supreme Court sets a date for Georgia’s water wars dispute

How much water Georgia can withdraw from Lake Lanier to meet its growth needs has been the subject of a long legal battle between Alabama, Florida and Georgia. (AJC/Bob Andres) The U.S. Supreme Court has set a Jan. 8 date to hear arguments in Georgia’s ongoing water rights dispute with Florida, in what could be a final round of...
More Stories