A group of lawmakers has called on Equifax to improve its offer of credit protection and identity-theft services to the millions of consumers affected by a data breach reported by the company in September.
In a letter to Equifax Interim CEO Paulino do Rego Barros Jr., all Democratic members of the House Committee on Oversight and Government Reform pressed the company to provide victims at least three years of credit protection and identity-theft services.
Equifax is currently providing only one year of protection and services.
The lawmakers noted that the company’s own IT executive has said that the one-year offer is inadequate. Equifax’s chief information security officer had said that criminals who steal sensitive data are unlikely to disseminate it when law enforcement is actively searching for it. The officer also said that cyber criminals would likely wait a year or more before attempting to sell the data on the black market.
The letter also cited experts and consumer advocates who have warned against the one-year protection. For example, the Consumers Union has warned that “the risks to consumers due to this breach are not limited to one year—data exposed to hackers could be used to open fraudulent accounts several years in the future.”
“Given the sensitive nature of the personal information that was stolen—and the ability of criminals to store and use that information for years to come—we believe that the millions of US consumers whose personal information was compromised in the Equifax data breach should receive the most robust form of credit protection and identity theft services available,” the lawmakers wrote.
Equifax appoints chief information security officer
31 senators ask CFPB for Equifax probe details