WASHINGTON, D.C. – In response to the Equifax breach, U.S. Senator Tim Kaine today called on the Federal Trade Commission (FTC) to outline specific actions being taken to ensure consumers do not fall victim to a second round of attacks on their personal information. In the letter to Acting Chairman of the FTC Maureen Ohlhausen, Kaine, joined by Senators Bob Menendez (D-NJ), Dianne Feinstein (D-CA), Jack Reed (D-RI), and Ron Wyden (D-OR), expressed concern over the breach that exposed the personally identifiable information of more than 143 million people.
“With more than half of the U.S. adult population exposed and vulnerable to identity theft, criminals have an extensive range of potential victims, and the FTC has a critical role to play to protect consumers from additional harm,” the Senators wrote. “The internet presents a formidable obstacle to law enforcement, with new bad actors constantly replacing those who have been apprehended. Nonetheless, we have a responsibility to do everything within our power to remain vigilant and prevent harm wherever possible.”
The Senators also expressed concern about Equifax’s own diligence in vetting after it tweeted links to a fake website in response to consumer requests for information and assistance in the aftermath of the data breach.
The letter poses five specific questions to the Acting FTC Chairman:
1. To what extent, if at all, is the FTC tracking Equifax frauds and scams? Is FTC tracking this information in conjunction with any other federal agencies?
2. What steps is the FTC taking to combat Equifax scammers? Please be specific as to how resources are being deployed to combat both internet and phone scams.
3. What steps is FTC taking to educate consumers and ensure they do not fall prey to frauds and scams related to the Equifax data breach?
4. Is the FTC working with all three of the major consumer reporting agencies to identify, report, and interdict these frauds and scams? Please be specific as to what steps are being taken.
5. Does the FTC have sufficient authority and/or resources to effectively combat these frauds and scams? If not, what else is needed?
The full text of the Senators’ letter to the FTC can be found below:
Dear Acting Chairman Ohlhausen:
As you know, the recent Equifax data breach exposed the personally identifiable information of more than 143 million people. Predictably, a number of unscrupulous actors have used the data breach as an opportunity to take advantage of consumers. We write to request specific information as to what actions the Federal Trade Commission (FTC) is taking to ensure consumers do not fall victim to a second round of attacks on their personal information.
Almost immediately after the breach, fake websites appeared claiming to allow consumers to check whether their information was exposed.[1] The websites, sent to consumers via email and text message, are nothing more than phishing sites. In addition, some consumers received calls from entities claiming to be Equifax, with fraudulent representatives asking the consumer to verify account information.[2] Other consumers received calls from entities claiming to be the IRS.[3] Further complicating matters, through its own Twitter account, Equifax tweeted links to a fake website in response to consumer requests for information and assistance.[4] With more than half of the U.S. adult population exposed and vulnerable to identity theft, criminals have an extensive range of potential victims, and the FTC has a critical role to play to protect consumers from additional harm.
The internet presents a formidable obstacle to law enforcement, with new bad actors constantly replacing those who have been apprehended. Nonetheless, we have a responsibility to do everything within our power to remain vigilant and prevent harm wherever possible. Given the breadth of the Equifax data breach and the potential for widespread abuse, we request answer to the following questions no later than October 30:
(1) To what extent, if at all, is the FTC tracking Equifax frauds and scams? Is FTC tracking this information in conjunction with any other federal agencies?
(2) What steps is the FTC taking to combat Equifax scammers? Please be specific as to how resources are being deployed to combat both internet and phone scams.
(3) What steps is FTC taking to educate consumers and ensure they do not fall prey to frauds and scams related to the Equifax data breach?
(4) Is the FTC working with all three of the major consumer reporting agencies to identify, report, and interdict these frauds and scams? Please be specific as to what steps are being taken.
(5) Does the FTC have sufficient authority and/or resources to effectively combat these frauds and scams? If not, what else is needed?
The severity of the damage inflicted by largescale data breaches demands our immediate attention. Left ignored, the harm done to American consumers is likely to be multiplied many times over by those who see the Equifax data breach as a scamming opportunity. Thank you for your prompt attention to this matter.
Sincerely,
###
[1] Wolf Richter, How to protect yourself from Equifax scams, Business Insider (Sept. 20, 2017), at http://www.businessinsider.com/how-to-protect-yourself-from-equifax-scams-2017-9.
[2] Kathy Kristof, Equifax data breach and credit freeze: Beware these 3 scams, CBS News (Sept. 16, 2017), at https://www.cbsnews.com/news/equifax-data-breach-credit-freeze-phishing-other-scams/
[3] David P. Willis, Equifax scams: 5 tricks used by fraudsters, Asbury Park Press (Sept. 22, 2017), at http://www.app.com/story/money/business/consumer/press-on-your-side/2017/09/22/equifax-scams-security/690910001/.
[4] Selena Larson, Equifax tweets fake phishing site to concerned customers, CNN (Sept. 20, 2017), at http://money.cnn.com/2017/09/20/technology/business/equifax-fake-site-twitter-phishing/index.html.