Cyber Risk

Senator Warren criticizes Equifax potential to profit from breach

WASHINGTON (Reuters) - U.S. Senator Elizabeth Warren criticized Equifax Inc EFX.N on Wednesday, saying it failed to protect customers adequately after a massive data breach and stood to gain financially from a hack that exposed information on more than 140 million people.

Slideshow ( 3 images )

“The breach of your system has actually created more business opportunities for you,” Warren, a Democrat known for her consumer advocacy, told former Equifax Chief Executive Officer Richard Smith during his second congressional grilling this week.

In addition to providing consumer credit reports, Equifax offers products to protect people’s data from misuse.

Warren said this business mix creates a conflict of interest by making Equifax responsible for protecting consumer data while allowing it to profit from consumers’ attempts to mitigate the breach.

“Equifax is making money, millions of dollars off its own screw-up and meanwhile the potential cost to Equifax are shockingly low,” Warren told Smith, 57, during the U.S. Senate Banking Committee hearing.

Smith retired from the credit reporting company last week but led it during the time of the breach, which it disclosed last month.

Smith conceded the hack created an opportunity for fraud, and the company could profit from consumers seeking to protect their data. But he defended Equifax’s social utility. The company gathers data on consumers which it then sells to banks to allow them to better assess a borrower’s creditworthiness.

“The company has been around for 118 years and for most of those 118 years has done good things,” Smith said.

Following the hearing, Warren told reporters that Equifax’s new product allowing individuals to “lock” and “unlock” their credit reports does not provide sufficient protection and only a change in law can fully shield people’s information.

“It only applies to Equifax. Consumers are now vulnerable to the loss of their data and some thief going through one of the other credit reporting agencies. That’s why we need to change the law. We need to make it in place forever and make sure consumers have control over their own data,” she said.

Wednesday’s hearing was the second of four hearings for Smith this week as lawmakers scrutinize the breach.

Several lawmakers on Wednesday also questioned why Equifax had been granted a contract with the Internal Revenue Service to help verify taxpayer data.

Speaking before Congress on Tuesday, Smith repeatedly apologized for the breach, saying it took weeks for the credit bureau to understand the extent of the intrusion.

Reporting By Patrick Rucker; additional reporting by Lisa Lamberg; editing by Michelle Price and Cynthia Oterman