Friend,

It was just announced that Equifax will pay about $650 to $700 million in fines and consumer redress for losing the critical financial data of 147 million Americans.[1] But as Ed Mierzwinski, our federal consumer program director, told NPR, the payment is more of a parking ticket than a penalty and is not enough to change the Equifax behavior or culture that led to the data breach in the first place.

This settlement isn't enough to truly compensate consumers, and it won't stop a data breach from happening again. The shelf life of financial DNA is forever -- and consumers deserve to have our data security taken seriously.

Equifax and other national credit reporting agencies are long overdue for more oversight -- and the Data Breach Prevention and Compensation Act, re-introduced by Sens. Mark Warner and Elizabeth Warren, is a strong step in that direction.[2] Tell your U.S. senators: Pass this bill before there's another major data breach.
[link removed]

Equifax's negligence two years ago allowed hackers to steal the personal information of almost half our country's population -- including names, driver's license and social security numbers, birth dates, and more.[3]

Unfortunately, this hasn't been the only large-scale data breach in the last two years. Facebook, Google, Marriott and others have all reported serious breaches.[4,5,6] In fact, billions of people were affected by data breaches and cyber attacks in 2018, with losses surpassing tens of millions of dollars.[7]

But what's different about Equifax is that it's one of three large credit bureaus basically in just one business: buying and selling our most personal and private information without our consent. Worse, it failed to keep our information safe. Now shouldn't things change to make sure it doesn't make the same mistake again?

Equifax continues to do business more or less as usual as millions of Americans are dealing with the credit bureau's failure. This new settlement is a step, but it's inadequate. It's what the company thinks it should pay, but not what it deserves to pay -- and it isn't going to protect us from another breach.

It's clear that we need government action to avoid a similar breach from happening in the future and make sure our data security is taken seriously. That's why we need to pass the Data Breach Prevention and Compensation Act. Tell Congress to take decisive action to protect consumers from future data breaches.
[link removed]

The Data Breach Prevention and Compensation Act would:

* Impose mandatory, strict liability penalties for breaches of consumer data at large credit reporting agencies.
* Increase penalties in cases of woefully inadequate cybersecurity or if a credit reporting agency fails to notify the FTC of a breach in a timely manner.
* Establish an Office of Cybersecurity at the Federal Trade Commission (FTC) tasked with annual inspections and supervision of cybersecurity at large credit reporting agencies.
* Require the FTC to compensate consumers with 50 percent of the money from fines.

This legislation could help prevent another Equifax-like hack from happening in the future -- and in the case that such a breach does occur, the company responsible would be held accountable, and the consumers affected would be rightly compensated.

For example, if this legislation had been in place before the Equifax breach, Equifax would be paying not $650 million, but $1.5 billion in penalties, much of which would have gone to compensating the victims of the breach.[8]

We live in the age of big data. More and more information about the private details of our lives is collected, analyzed and sold by massive financial institutions, and, too often this information is handled irresponsibly, or put at risk without our consent or control. It's time our lawmakers took clear action to protect consumers and our data instead of the data dealing companies.

Tell your senators: It's time to step up our data breach protection.
[link removed]

Thank you,

Faye Park
President

1. Stacy Cowley, "Equifax to Pay at Least $650 Million in Largest-Ever Data Breach Settlement," The New York Times, July 22, 2019
[link removed]
2. "Warner, Warren Reintroduce Legislation to Hold Equifax, Other Credit Reporting Agencies Accountable for Data Breaches," Mark R. Warner, May 7, 2019.
[link removed]
3.Tara Siegel Bernard, Tiffany Hsu, Nicole Perlroth and Ron Lieber, "Equifax Says Cyberattack May Have Affected 143 Million in the U.S.," The New York Times, September 7, 2017.
[link removed]
4. Brian Barrett and Lily Hay Newman, "The Facebook Security Meltdown Exposes Way More Sites Than Facebook," Wired, Sept. 28, 2018.
[link removed]
5. Julia Carrie Wong and Olivia Solon, "Google to shut down Google+ after failing to disclose user data leak," The Guardian, October 12, 2018.
[link removed]
6. Seena Gressin, "The Marriott data breach," Federal Trade Commission, December 4, 2018.
[link removed]
7. Mike Snider, "Your data was probably stolen in cyberattack in 2018 -- and you should care," USA TODAY, December 28, 2018.
[link removed]
8. "Warren, Warner Unveil Legislation to Hold Credit Reporting Agencies Like Equifax Accountable for Data Breaches," warren.senate.gov, January 10, 2018.
[link removed]
-----------------------------------------------------------

Donate Today: [link removed]

Join us on Facebook: [link removed]
Follow us on Twitter: [link removed]

U.S. PIRG
Main Office: 1543 Wazee St., Ste. 460, Denver, CO 80202, (303) 801-0582
Federal Advocacy Office: 600 Pennsylvania Ave. SE, 4th Fl., Washington, DC 20003, (202) 546-9707
Member Questions or Requests: 1-800-838-6554.

If you want us to stop sending you email then follow this link:
[link removed]