Top Dems Release New Staff Report on Equifax Breach Finding Stronger Laws Needed To Thwart Future Cyber Attacks

Dec 10, 2018
Press Release

Washington, D.C. (Dec. 10, 2018)—Today, Rep. Elijah E. Cummings, the Ranking Member of the House Committee on Oversight and Government Reform, and Rep. Eddie Bernice Johnson, the Ranking Member of the House Committee on Science, Space and Technology, issued a new Democratic staff report in response to a Republican staff report on the Committees’ joint investigation into the 2017 Equifax data breach.

“Unfortunately, Committee Republicans issued a report without including Democratic suggestions to prevent data breaches in the future,” Cummings and Johnson said.  “This was a missed opportunity to convert the Committees’ oversight efforts into concrete reforms that would help prevent future data breaches, hold companies accountable, and protect American consumers and their sensitive personal information.”


Shortly after Equifax announced its breach, both Committees initiated a joint investigation into the cause of and measures to help prevent future breaches.  The investigation was a rare bipartisan initiative.  The Committees conducted interviews of company executives and reviewed thousands of pages of company documents.  In addition, Democratic staff met with consumer advocacy groups.


The Republican staff report merely reiterated findings by media outlets and the Government Accountability Office about Equifax’s cybersecurity vulnerabilities and the company’s lack of preparedness to protect breach victims.


In contrast, the Democratic staff report provides detailed legislative and oversight recommendations to better protect consumers from future cyberattacks, including:


  • requiring federal financial regulatory agencies to report their efforts to protect consumers from cybertheft and identify areas Congress could enhance agencies’ authorities to achieve that goal;


  • requiring all federal contractors to comply with established cybersecurity standards and guidance;


  • enacting a comprehensive notification law that governs how data breach victims should be notified; and


  • amending the Federal Trade Commission Act to strengthen civil penalties for private sector violations of consumer data security requirements.


Click here to read the Democratic staff report.


115th Congress