WASHINGTON: The US Federal Trade Commission said on Sept 14 that it was investigating Equifax Inc's massive data breach, and a top Democrat suggested the credit-monitoring company's corporate leaders might need to resign.
Shares of Equifax fell 2.4% on Sept 14 and trading volume hit a record high. The shares have lost 32% since the company disclosed the hack on Sept 7.
Senate Democratic leader Chuck Schumer compared Equifax to Enron, the US energy company that filed for bankruptcy in 2001 after revelations of a widespread accounting fraud.
"It's one of the most egregious examples of corporate malfeasances since Enron," Schumer said, calling Equifax's treatment of consumers "disgusting" and its inability to protect data "deeply troubling".
FTC spokesman Peter Kaplan said that his agency normally would not comment on an Equifax probe. "However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach," he said in an email statement.
The company has tangled with the FTC over consumers' efforts to correct errors in credit reports. In 2012, it settled FTC allegations that it had improperly sold data on consumers who were behind on their mortgages.
Schumer said Equifax's chief executive officer and board might need to resign if the company does not take concrete steps within the next week to protect consumers.
"We need to get to the bottom of this – the very bottom, the murky bottom, the dirty bottom," he said.
House Republican Lamar Smith of Texas, who chairs the Committee on Science, Space, and Technology, and South Carolina Republican Trey Gowdy, who chairs the Committee on Oversight and Government Reform, said both committees would investigate the Equifax hack.
They requested documents relating to the hack, the decision to publicise it, the company's cybersecurity and federal contracts from the company by Sept 28.
Equifax CEO Richard Smith has agreed to testify on Oct 3 before a US House of Representatives panel.
The Federal Bureau of Investigation has opened an investigation into the breach, and nearly 40 states have joined a probe of Equifax's handling of the situation.
Equifax did not respond to requests for comment. The company, which disclosed the breach more than a month after it learned of it on July 29, said at the time that thieves may have stolen the personal information of 143 million Americans in one of the largest hacks ever.
On Sept 14 at least three bills were introduced in response to the hack. Four Democratic senators, including Ed Markey of Massachusetts, sponsored legislation that would require Equifax and other data brokers be held accountable for errors.
"This bill requires data brokers to put in place comprehensive privacy and data security programs so that consumers in Massachusetts and throughout the country do not experience another Equifax," Markey said.
Confirming what many cyber security experts expected, Equifax said late on Sept 13 that hackers used a flaw in its open-source Struts software, distributed by the nonprofit Apache Software Foundation, to break into its systems. A patch for the vulnerability was issued in March, two months before Equifax said hackers began siphoning data.
The decision to not install that patch was "beyond troubling", said US PIRG, a grassroots advocacy group which has recommended that consumers put freezes on their credit.
Consumers Union sent a letter to Equifax's chief executive, saying the company's response to the massive breach was "wholly inadequate".
Consumers Union urged Equifax to pay for credit freezes for consumers, give free extended credit monitoring, provide details about the breach and create a fund to compensate consumers who were harmed when their data was exposed.
Despite shares of Equifax heading for their biggest weekly drop since July 2001, most of Wall Street still recommended buying the stock.
Of 15 analysts covering the stock, four rate it a 'strong buy' while eight rate it a 'buy' and just three have a neutral rating, according to the latest data from Thomson Reuters. — Reuters