The Federal Trade Commission (FTC) became the first economic regulator to formally announce an investigation into Equifax’s handling of a cyber intrusion that left more than 100 million Americans vulnerable to identity theft.
An FTC spokesman confirmed the probe one day after dozens of lawmakers urged the agency and other government bodies to look into the behavior of the credit reporting company before and after the breach was discovered.
“The FTC typically does not comment on open investigations,” said Peter Kaplan on Thursday. “However in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach.”
The Consumer Financial Protection Bureau (CFPB) and several state attorneys general are also looking into Equifax, according to unattributed statements to journalists.
The company announced earlier this month that the breach resulted in the possible theft of 144 million Americans’ personal information, including social security numbers, dates of birth, and drivers’ license numbers.
On Wednesday, Equifax claimed to USA Today that the compromise was due to a website vulnerability. Cybersecurity professionals told the outlet, however, that Equifax’s failure to install “security updates provided in a timely manner” was responsible for the breach.
Most interesting to lawmakers, and perhaps other investigative bodies, are the actions of company executives prior to the incident. Equifax’s Chief Financial Officer and two other top executives dumped $1.8 million in company stock shortly before the company claims it discovered the breach. The public wasn’t notified until six weeks later.
Schatz was part of a bipartisan group of 36 Senators that wrote a letter to the FTC, the Securities and Exchange Commission (SEC), and the Department of Justice on Wednesday calling for an investigation.
“We request that you conduct a thorough examination of any unusual trading, including any atypical options trading, for violations of insider trading law,” the lawmakers wrote.
The SEC and the DOJ have not publicly announced any actions.
The company’s post-breach actions are under scrutiny also. After announcing the data loss, the company set up a web portal for customers to find out if they were affected. Before singing up, however, customers were required to agree to a forced-arbitration clause, preventing them from joining a class action suit against the company.
After an intense public backlash, including a push from New York Attorney General Eric Schneiderman, the company clarified that the forced-arbitration provision does not apply to the “cyber security incident.”
We need to update you on where Truthout stands this month.
To be brutally honest, Truthout is behind on our fundraising goals for the year. There are a lot of reasons why. We’re dealing with broad trends in our industry, trends that have led publications like Vice, BuzzFeed, and National Geographic to make painful cuts. Everyone is feeling the squeeze of inflation. And despite its lasting importance, news readership is declining.
To ensure we stay out of the red by the end of the year, we have a long way to go. Our future is threatened.
We’ve stayed online over two decades thanks to the support of our readers. Because you believe in the power of our work, share our transformative stories, and give to keep us going strong, we know we can make it through this tough moment.
Our fundraising campaign ends in a few hours, and we still must raise $11,000. Please consider making a donation before time runs out.