Carper, Portman Statement on Equifax Data Breach Settlement

WASHINGTON, D.C. – Today, U.S. Senators Tom Carper (D-Del.) and Rob Portman (R-Ohio), Ranking Member and Chairman of the Permanent Subcommittee on Investigations (PSI), released a joint statement following news that Equifax, one of the nation’s largest consumer reporting agencies, agreed to pay up to $700 million to settle consumer claims and federal and state investigations into its 2017 data breach that compromised sensitive information of more than 145 million American consumers. In March, Senators Carper and Portman published a report detailing the repeated failures over years on the part of Equifax that led to the devastating data breach in 2017.

“The nearly $700 million settlement announced today brings a degree of closure to one of the most devastating data breaches of our time. As a result of Equifax neglecting cybersecurity and ignoring potential vulnerabilities for years, millions of Americans’ most sensitive information was compromised, and the scale of this settlement speaks to just how massive the Equifax breach was. Back in March, our bipartisan report revealed that Equifax failed to comply with basic cybersecurity practices, leaving millions of Americans personal and financial information at risk.  This breach could have been minimized, if not avoided. In fact, Equifax’s two largest competitors – TransUnion and Experian – received the same information about potential cybersecurity vulnerabilities, took proper steps to secure their systems and, to date, have avoided a breach. While this settlement is welcome news, financial restitution will not put the genie back in the bottle. Millions of American households have been exposed to hackers and, even those who are compensated, may never fully be made whole again. There is far more that needs to be done to ensure that both private and public entities, especially those that rely on the collection of personal data, are prioritizing strong cybersecurity practices in order to protect consumers from a breach of any kind, let alone one of this magnitude.”