After the enormous Equifax hack, many expected the government and industry professionals to put measures in place designed to protect against similar hacks down the road. Unfortunately, it seems the opposite is happening. According to reports, the head of the Consumer Financial Protection Bureau (CFPB), Mick Mulvaney, recently decided to pull “back from a full-scale probe of how Equifax Inc failed to protect the personal data of millions of consumers.”
Don’t know about the Equifax hack? Well, back in September, Equifax announced that “hackers had stolen personal data it had collected on some 143 million Americans.” Shortly after the announcement, the CFPB director at the time authorized an investigation, though he “resigned in November and was replaced by Mulvaney, President Donald Trump’s budget chief.” Since then, efforts to investigate the hack have puttered out, “raising questions about how Mulvaney will police a data-warehousing industry that has enormous sway over how much consumers pay to borrow money.”
What can the CFPB really accomplish, though? Well, for starters, the agency has the “tools to examine a data breach like the one that happened with Equifax,” though it can’t formally “acknowledge an open investigation,” according to spokesman John Czwartacki. He added, “the bureau has the desire, expertise, and know-how in-house to vigorously pursue hypothetical matters such as these.” However, according to Czwartacki and other sources, Mulvaney “has not ordered subpoenas against Equifax or sought sworn testimony from executives, routine steps when launching a full-scale probe.” Additionally, the agency has allegedly “shelved plans for on-the-ground tests of how Equifax protects data…and recently rebuffed bank regulators at the Federal Reserve, Federal Deposit Insurance Corp and Office of the Comptroller of the Currency when they offered to help with on-site exams of credit bureaus.”
For now, the massive data breach is being investigated by the Federal Trade Commission and Equifax itself is juggling “more than 240 class action lawsuits.”
Despite what investigations do and don’t happen, one thing is for certain: the Equifax hack “exposed vulnerabilities in how the companies keep data safe and highlighted how credit bureaus exist in a regulatory grey zone where they are partly regulated by several agencies.” Given the fact that companies like Equifax “collect and store personal information on scores of millions of consumers,” it’s only natural that many are calling for firmer regulations and investigations to ensure a similar hack doesn’t happen again.
So why does there seem to be a reluctance by Mulvaney and the CFPB to act? Well, some argue that many Republicans have been attacking the CFPB ever since it came into existence seven years ago. Meanwhile, Mulvaney, who assumed his position as head of the CFPB back in November, put a hold on many of the agency’s projects, saying he would need at least a month before tackling any projects like an Equifax investigation so he could spend time understanding his job.
What do you think? Should an investigation into the hack have happened a long time ago?