U.S. consumers deserve to know how the massive data breach happened at the national credit bureau Equifax, and they deserve reassurances that changes will be made to prevent such threats to their financial security in the future.
Unfortunately, the federal agency that should be investigating how Equifax failed to protect the personal data of nearly 150 million Americans doesn’t seem to be doing much of anything in that regard.
Maybe that’s because the agency, the Consumer Financial Protection Bureau, is now under the direction of a former Republican congressman who once drafted a bill to abolish it. The new CFPB head is Mick Mulvaney, who is also President Donald Trump’s budget director. He took over the independent agency in November, after its founding director, Richard Cordray, resigned. Since then, according to news reports, Mulvaney has been taking steps to make the CFPB less aggressive, including reining in investigations of predatory payday lenders.
The CFPB was established after the 2008 financial crisis to look out for consumers by “making rules more effective, consistently and fairly enforcing those rules, and empowering consumers to take more control over their economic lives.” Since taking charge, Mulvaney has amended that mission statement, which appears at the end of every press release, by adding the words “by regularly identifying and addressing outdated, unnecessary, or unduly burdensome regulations.”
Apparently, Mulvaney does not consider looking into the Equifax data breach to be a high priority. He has reportedly pulled back from a full-scale probe.
That would be too bad, because the security of the data handled by Equifax and the two other primary national consumer credit bureaus is vital to most Americans. And dealing with the credit bureaus in general and the Equifax failure specifically is an area in which many consumers could use some help. When the news broke in September, months after Equifax knew about it, that hackers had stolen the data Equifax had collected on millions of Americans, many people did not know what they should do.
Even after Equifax offered a year of free credit monitoring and identity theft protection, and no-charge freezing of one’s credit report, many people were confused. Many of them took no action.
Equifax, TransUnion and Experian credit bureaus are able to amass vast amounts of personal data about individuals. They sell that information to businesses that are deciding whether to approve those people for such things as car loans, mortgages, auto insurance and even jobs.
The Equifax breach pointed out how important these credit bureaus are and how devastating it can be if the information they have about ordinary people gets into the wrong hands. Initial reports said the hackers had acquired Social Security numbers, driver’s license numbers and credit card numbers — everything they would need to make purchases, set up fraudulent accounts and otherwise steal someone’s financial identity. More recent reports say they also were able to steal tax ID numbers, email addresses and other information on drivers’ licenses.
The ability not only to amass that information but also to sell it for profit should come with great responsibility. Unfortunately, Equifax did not take its responsibility to protect the data seriously enough.
Who knows when the next breach will come, at Equifax or at one of the other credit bureaus? Who knows what could and should have been done differently to prevent the theft of the personal information of millions of Americans? What changes are in order now?
The CFPB should be looking vigorously into these questions, finding out what went wrong and how such potentially devastating data breaches can be prevented.
Instead, under Mulvaney, the CFPB seems to care more about protecting businesses and reducing regulations. Millions of Americans who are going about their lives and business, following the rules and giving out personal information in good faith when required, deserve better than that.
They deserve answers and protection.