In the wake of the massive data breach that exposed the personal information of 145.5 million U.S. consumers to hackers, Equifax offered to provide a number of services to the affected consumers, including one year of identity theft protection.
But, in the eyes of all 19 Democrats on the House Committee on Oversight and Government Reform, Equifax is not doing enough to make those consumers whole again.
The Democrats, led by Ranking Member Elijah Cummings, D-Maryland, sent a letter to Equifax Interim CEO Paulino do Rego Barros, asking Equifax to boost the consumer protections made available to breach victims.
Specifically, the Democrats want Equifax to provide at least three years of credit protection and identity theft services to the breach victims, rather than the one year Equifax is currently providing.
In the letter, the Democrats say that Equifax’s own chief information security officer admitted in an October 2017 briefing for committee staff that the “criminals” who stole the sensitive personal information are unlikely to try to use it or sell it for more than a year, which the Democrats note would make Equifax’s offer insufficient.
“We are writing to request that you extend from one year to at least three years the credit protection and identity theft services you are providing to victims of last year’s massive data breach at Equifax, particularly since your own top IT official warned that one year of protection is inadequate,” the Democrats wrote in the letter.
The breach, which Equifax disclosed in September, included the names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers, of approximately 145.5 million U.S. consumers.
After the breach, Equifax said that it would provide a service called “TrustedID Premier,” which includes three-bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers, complimentary for one year.
But, as the Democrats note, the Federal Trade Commission and other groups warned that the threat of identify theft after a breach like this lasts for longer than one year.
“Given the sensitive nature of the personal information that was stolen—and the ability of criminals to store and use that information for years to come—we believe that the millions of U.S. consumers whose personal information was compromised in the Equifax data breach should receive the most robust form of credit protection and identity theft services available,” the Democrats wrote.
“For these reasons, we respectfully urge you to extend the time period of coverage from one year to a minimum of three years,” they conclude.
Click here to read the Democrats’ letter in full.