The massive breach of credit rating firm Equifax is attracting scrutiny from government officials across the country. Lawmakers from both parties have expressed concern over the hack, which could have left vulnerable sensitive personal information for as many as 143 million people. The New York, Pennsylvania and Illinois attorneys general have announced formal investigations into the hack.
Officials are alarmed by the scope of the breach as well as Equifax’s terms of service which forces individuals to waive their right to a class-action lawsuit.
Sen. Tammy Baldwin (D-Wis.) called on Senate Commerce Committee Chairman John Thune (R-S.D.) and ranking member Bill Nelson (D-Fla.) to hold a hearing examining the breach.
“Equifax reportedly failed to disclose this massive breach to affected individuals for weeks, meaning the risk of identity theft may have been further aggravated,” Baldwin wrote in her letter to Commerce leaders on Friday. “I am troubled by the company’s failure to address the breach promptly with those whose information was compromised.”
The Senate Commerce Committee announced later on Thursday that it sent a letter to Equifax seeking answers about the extent of the breach and what Equifax is doing to mitigate its impact.
In the House, Financial Services Committee Chairman Jeb Hensarling (R-Texas) said that his committee would hold a hearing on the hacks at a to-be-determined date. Hensarling noted in a statement that such breaches are becoming “too common” and that consumers “deserve answers.”
House Energy and Commerce Committee Chairman Greg Walden (R-Ore.) said that his committee would hold a separate hearing on the matter as well. In a statement, Walden mentioned that he had been receiving briefings from Equifax on the breach. He says he expects the briefings to continue.
Rep. Ted Lieu (D-Calif.) said he’d like the House Judiciary Committee to conduct a hearing on the hack.
On social media, critics cried foul at Equifax’s terms of service, which included an arbitration clause forcing users of its products to waive their right to sue. After being contacted by New York Attorney General Eric Schneiderman’s office, however, Equifax updated its terms of service to note that users checking to see if they were affected by the hack would not be subject to the clause.
Democratic lawmakers quickly blasted the clause prior to its update.
Ohio Sen. Sherrod Brown (D) called it “shameful,” and Sen. Elizabeth Warren (D-Mass.) hammered Equifax’s terms of service in a series of tweets, while praising a new rule by the Consumer Financial Protection Bureau that would ban such clauses.
The Securities and Exchange Commission (SEC) could get also involved in the matter to examine potential insider trading.
Several days after Equifax says it learned of the hack, company executives unloaded almost $2 million worth of shares, Bloomberg reports. Ines Gutzmer, a spokeswoman for the company told the outlet that the three executives “sold a small percentage of their Equifax shares,” and they “had no knowledge that an intrusion had occurred at the time.”
Each sold between 4 and 13 percent of their holdings in the company. Bloomberg notes that the sales were not listed in the executives’ pre-scheduled trading plans that company insiders often use to trade stock.
The SEC declined to comment on if it would investigate the matter.
Sylvan Lane contributed.