Identity theft is a huge problem for consumers. The Federal Trade Commission reported 399,225 cases of identity theft in the United States in 2016. Of these, 29% concerned the use of personal data to commit tax fraud. More than 32% said their data was used for credit card fraud, a significant increase from 16% in 2015. A 2015 report from the Department of Justice found that 86% of identity theft victims were victims of fraudulent use of existing account information, such as credit card or bank account information. The same report estimated the cost to the U.S. economy at $15.4 billion. “Companies that benefit from personal information have an additional responsibility to protect and secure that data,” said FTC Chairman Joe Simons. “Equifax failed to take fundamental steps that could have prevented the breach, which affected approximately 147 million consumers. This regulation requires the company to take steps to improve the security of its data in the future and will ensure that consumers harmed by this breach can receive help to protect themselves from identity theft and fraud. If you were affected by the breach, you were entitled to at least four years of free credit monitoring from Experian.

The deadline to submit a claim to receive this service has passed. Now it`s time for you to activate the credit monitoring service you claimed. On September 7, 2017, Equifax announced that it had breached the data of approximately 143 million U.S. consumers. The same announcement said some British and Canadian consumers were also affected, but did not give a specific figure. The company said the unauthorized access occurred from mid-May to July 2017. The hackers did not access data from Equifax`s main consumer credit reporting databases, but from the web application of the company`s online dispute resolution portal in the United States. The data included: This wasn`t the first time Equifax was hacked due to the company`s security breaches.

Earlier, in March 2017, Equifax faced a separate breach. In this case, the company notified a small number of the bank`s customers and retained a security firm to help investigate the breach. While not disclosed by Equifax, no evidence was found that any data was accessed or stolen. Even earlier, in December 2016, a security researcher examined Equifax`s servers and warned the company that its system was vulnerable to the type of hack that took place in 2017. Equifax eventually patched this vulnerability, but only after the breach occurred in mid-2017. The investigation by an independent cybersecurity team following the breach in mid-2017 also identified other vulnerabilities. According to recent reports, the Consumer Financial Protection Bureau has closed its investigation into the 2017 Equifax data breach, which exposed the personal data of 145.5 million Americans. CFPB acting director Mulvaney failed to seek subpoenas or obtain affidavits from Equifax executives. Mulvaney also ended plans to test Equifax`s security systems and declined offers from regulators to help with the investigation. EPIC asked the Senate Banking Committee to investigate the matter, stating, “If the reports are accurate, Director Mulvaney`s failure to conduct a thorough investigation into the Equifax affair borders on misconduct.” Last fall, EPIC President Marc Rotenberg testified at a Senate hearing about the Equifax breach.

EPIC described the data breach as one of the worst in U.S. history. Christine Bannan of EPIC also suggested measures to strengthen privacy protections for U.S. consumers. What happens if sensitive information falls into the wrong hands? With the advancement of technology in the twenty-first century comes the growing problem of data breaches where sensitive information is exposed. 7. In September 2017, Equifax, one of the top three credit reporting agencies in the United States, announced one of the largest data breaches in U.S. history. The data breach affected approximately 145 million consumers and was followed by a wave of consumer class action lawsuits. This note explains why class action lawsuits and arbitration are not viable remedies for massive data breaches when companies like credit reporting agencies are hacked and, in this case, where Equifax has been hacked. In addition, the notice also recommends the creation of an independent victim recovery fund as a solution to the Equifax data breach.

The fund would build on other proven victim compensation funds, such as the September 11 Victims Compensation Fund and the Deepwater Horizon Settlement Fund. First, Congress should establish national baseline standards for reporting data breaches to limit the damage caused by data breaches. The federal standard should require immediate and effective notification to affected consumers, regulators and the public. Businesses are increasingly interacting with consumers on social media and through automated text and electronic messaging, so it`s reasonable to expect businesses to be able to notify consumers within 48 to 72 hours of a breach. In a press release, the House Government Oversight and Reform Committee issued a report criticizing the Office of Personnel Management`s handling of the data breach in 2015. The breach compromised the information of more than 21.5 million people, including federal employees, their families and friends. The report concluded that the OPM violation was preventable and recommended numerous measures, including reducing the use of Social Security Numbers. For many years, EPIC has called on the government and Congress to promote privacy-enhancing techniques that minimize or eliminate the collection of personal information. EPIC also supported new restrictions on the collection and use of VMS. This year, EPIC launched Data Protection 2016, a bipartisan campaign to make privacy an issue in the 2016 election. Credit reporting agency Equifax took weeks to respond to a cybersecurity breach, putting millions of people at risk of identity theft. Equifax Inc.

will pay $380.5 million to resolve allegations related to a data breach in 2017 under an agreement approved by the Northern District of Georgia. Equifax, one of the three largest consumer credit reporting agencies in the United States, announced in September 2017 that its systems had been hacked and that the sensitive personal information of 148 million Americans had been compromised. The data breached included names, home addresses, phone numbers, dates of birth, social security numbers, and driver`s license numbers. The credit card numbers of approximately 209,000 consumers were also breached. The Equifax privacy breach is unprecedented in scale and seriousness. There have been major security breaches by other companies in the past, but the sensitivity of the personal data held by Equifax and the scale of the problem make this breach unprecedented. The scope and frequency of data breaches has increased in recent years. Notable violations include: Attorneys General actively responded to the violation. Maura Healey, Massachusetts` attorney general, has filed a lawsuit against Equifax. The complaint alleges violations of Massachusetts consumer protection and privacy laws. New York Attorney General Eric Schneiderman introduced the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). Bill (1) would require any company that holds sensitive New Yorker data to maintain appropriate administrative, technical and physical safeguards; (2) the types of data that trigger reporting requirements to include username-password combinations, biometrics, and health data covered by HIPAA; and (3) provide safe harbor protection to organizations that receive independent certification that their data security measures meet the highest standards.

The attorneys general of Connecticut, Illinois, Pennsylvania and the District of Columbia sent a joint letter to Equifax informing the company of their intention to investigate the violation. The letter was signed by attorneys general from dozens of other states. In fact, it wasn`t until July 2017 that Equifax discovered that its ACIS database was unpatched when the security team discovered suspicious traffic on its network. An investigation by the company found that several hackers were able to exploit the ACIS vulnerability to gain access to Equifax`s network, where they accessed an insecure file containing administrative credentials stored in plain text. These credentials allowed hackers to access large amounts of consumers` personal data and operate undetected on Equifax`s network for months. One of the many concerns highlighted in the Senate Finance Committee`s letter to Equifax is the possibility that the breach could lead to fraud against the Medicare and Medicaid programs.