Federal Trade Commission is Investigating Equifax Breach

The government’s consumer cop is investigating whether the credit rating agency Equifax was negligent in allowing the personal information of 143 million Americans to be compromised, a spokesman said Thursday.

The move could mark the Federal Trade Commission’s first major cyber enforcement action during the Trump administration.

Numerous lawmakers had called on the commission to launch such an investigation, including Sen. Mark Warner, D-Va., ranking member on the House Intelligence Committee, and Sen. Gary Peters, D-Mich.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Sens. Orrin Hatch, R-Utah, and Ron Wyden, D-Ore., chair and ranking member of the Senate Finance Committee, are also seeking information from Equifax regarding the breach.

“The FTC typically does not comment on ongoing investigations,” Spokesman Peter Kaplan said in an email. “However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach.”

The commission, which sues companies that mistreat consumers, has become increasingly aggressive in recent years at targeting companies with lax cybersecurity and cyber hygiene practices that ended up hurting consumers.

Most prominently, the Wyndham hotel chain settled a dispute with the commission in 2015 after a long legal battle over a breach that exposed customers’ credit and debit card data.

The settlement requires Wyndham to substantially improve its information security practices and to undergo third-party audits of those practices for 20 years.

More recently, the commission charged the Taiwanese electronics firm D-Link for building hackable internet of things devices that helped power the Mirai botnet, which forced numerous prominent websites offline in January.

Because most industries aren’t legally required to follow a specific set of cybersecurity procedures, it’s typically more difficult for the commission to prove negligence or wrongdoing in the digital domain.

Also on Thursday, four Democratic senators introduced legislation requiring Equifax and other data brokers to develop comprehensive data security programs.

The bill from Sens. Edward Markey, D-Mass, Richard Blumenthal, D-Conn., Sheldon Whitehouse, D-R.I., and Al Franken, D-Minn., would direct the trade commission to create a website that lists all covered data brokers and details consumer rights regarding data security.

Wyden also introduced a bill Thursday that would allow Americans to freeze and unfreeze their credit information for free in response to data breaches and other cyber incidents.