Did you know that Truthout is a nonprofit and independently funded by readers like you? If you value what we do, please support our work with a donation.
The Federal Trade Commission (FTC) became the first economic regulator to formally announce an investigation into Equifax’s handling of a cyber intrusion that left more than 100 million Americans vulnerable to identity theft.
An FTC spokesman confirmed the probe one day after dozens of lawmakers urged the agency and other government bodies to look into the behavior of the credit reporting company before and after the breach was discovered.
“The FTC typically does not comment on open investigations,” said Peter Kaplan on Thursday. “However in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach.”
The Consumer Financial Protection Bureau (CFPB) and several state attorneys general are also looking into Equifax, according to unattributed statements to journalists.
The company announced earlier this month that the breach resulted in the possible theft of 144 million Americans’ personal information, including social security numbers, dates of birth, and drivers’ license numbers.
On Wednesday, Equifax claimed to USA Today that the compromise was due to a website vulnerability. Cybersecurity professionals told the outlet, however, that Equifax’s failure to install “security updates provided in a timely manner” was responsible for the breach.
Most interesting to lawmakers, and perhaps other investigative bodies, are the actions of company executives prior to the incident. Equifax’s Chief Financial Officer and two other top executives dumped $1.8 million in company stock shortly before the company claims it discovered the breach. The public wasn’t notified until six weeks later.
“Hey, @equifax, just following up. Why did your execs sell stock before your company told the public of security breach? LMK ASAP,” Sen. Brian Schatz (D-Hawaii) tweeted on Tuesday.
Schatz was part of a bipartisan group of 36 Senators that wrote a letter to the FTC, the Securities and Exchange Commission (SEC), and the Department of Justice on Wednesday calling for an investigation.
“We request that you conduct a thorough examination of any unusual trading, including any atypical options trading, for violations of insider trading law,” the lawmakers wrote.
The SEC and the DOJ have not publicly announced any actions.
The company’s post-breach actions are under scrutiny also. After announcing the data loss, the company set up a web portal for customers to find out if they were affected. Before singing up, however, customers were required to agree to a forced-arbitration clause, preventing them from joining a class action suit against the company.
After an intense public backlash, including a push from New York Attorney General Eric Schneiderman, the company clarified that the forced-arbitration provision does not apply to the “cyber security incident.”
Trump is silencing political dissent. We appeal for your support.
Progressive nonprofits are the latest target caught in Trump’s crosshairs. With the aim of eliminating political opposition, Trump and his sycophants are working to curb government funding, constrain private foundations, and even cut tax-exempt status from organizations he dislikes.
We’re concerned, because Truthout is not immune to such bad-faith attacks.
We can only resist Trump’s attacks by cultivating a strong base of support. The right-wing mediasphere is funded comfortably by billionaire owners and venture capitalist philanthropists. At Truthout, we have you.
Truthout has launched a fundraiser, and we have only 48 hours left to raise $21,000. Please take a meaningful action in the fight against authoritarianism: make a one-time or monthly donation to Truthout. If you have the means, please dig deep.