House Financial Services Committee Chairman Jeb Hensarling, R-Texas, announced Friday his panel will hold a hearing concerning the recent Equifax “cybersecurity incident,” which could have exposed the personal information of up to 143 million Americans.
From May to July 2017, Equifax said “criminals” violated a U.S. website application vulnerability to gain access to certain files. The primary information collected includes names, Social Security numbers, birthdays, addresses, and even driver’s license numbers. Furthermore, approximately 209,000 American consumers had their credit card numbers collected and dispute documents with personal information for approximately 182,000 Americans was collected.
Hensarling said the breach was “a very serious and very troubling situation.” A date for the panel will be announced in the near future.
“Large-scale security breaches are becoming all too common,” Hensarling said. “Every breach leaves consumers exposed and vulnerable to identity theft, fraud and a host of other crimes, and they deserve answers.”
The Federal Bureau of Investigation is investigating the security breach, according to ABC News. Additionally, an independent cybersecurity firm was hired to provide recommendations to prevent another security breach from happening again.
Equifax created a website, www.equifaxsecurity2017.com, to assist consumers in determining whether their information has been accessed. However, customers who visit the site are prompted to enroll in TrustedID Premier. Those who sign up for TrustedID Premier appear to waive their rights to participate in a class-action lawsuit, according to MarketWatch.
Equifax said the class-action waiver applies to TrustedID, not the cybersecurity breach. The terms for TrustedID require “arbitration of disputes” and “a waiver of the ability to bring or participate in a class action, class arbitration, or other representative action.”
Although the waiver does not apply to the breach, the impact of the breach is not ideal timing for Equifax because customers are wary about waiving their right to a class-action lawsuit in the event a breach occurs with TrustedID.
