The U.S. Consumer Financial Protection Bureau has put on hold a full-scale investigation into how Equifax failed to protect personal details of millions of customers following last year’s data breach, according to Reuters.
Equifax had previously confirmed that the data breach had compromised names, phone numbers, driving license numbers and other details of 693,665 UK consumers.
In September last year, U.S. credit rating agency Equifax revealed that it had suffered a major data breach that compromised personal details of millions of customers, including credit card details of over 209,000 citizens.
The credit agency later confirmed that among those impacted were 693,665 UK consumers whose phone numbers, driving license numbers, Equifax usernames, passwords, email addresses and partial credit card details were accessed by hackers. In January, Equifax said that telephone numbers of a further 167,431 British customers were compromised as well. The breach had also compromised details of as many as 143 million U.S. citizens.
Following Equifax’ admission, Richard Cordray, Director of the U.S. Consumer Financial Protection Bureau (CPFB), had announced that his department would conduct a full-scale investigation into how Equifax failed to protect personal details of millions of customers.
However, according to some unnamed CPFB sources who spoke to Reuters, the investigation was put in cold storage after Cordray was replaced by Mick Mulvaney as head of the bureau. Mulvaney is currently the Director of the Office of Management and Budget in Donald Trump’s administration.
While it was previously believed that both the CPFB and the FTC would examine the breach together, only the latter issued subpoenas to Equifax to initiate an in-depth investigation, thereby suggesting that CPFB was no longer interested in pursuing the matter.
‘Three sources say, though, Mulvaney, the new CFPB chief, has not ordered subpoenas against Equifax or sought sworn testimony from executives, routine steps when launching a full-scale probe. Meanwhile the CFPB has shelved plans for on-the-ground tests of how Equifax protects data, an idea backed by Cordray.
‘The CFPB also recently rebuffed bank regulators at the Federal Reserve, Federal Deposit Insurance Corp and Office of the Comptroller of the Currency when they offered to help with on-site exams of credit bureaus, said two sources familiar with the matter,’ said Reuters. This is quite significant considering that Cordray had expressly asked bank regulators to join in fresh cyber security exams of the bureaus after the breach took place.
Despite not being pursued actively by the CPFB, Equifax is currently facing investigation by the FTC as well as 240 class action lawsuits in almost every U.S. state from affected citizens.
However, the credit agency continues to be involved in the identity security system for the MySocialSecurity online portal which is owned by the US’s Social Service Administration.
In fact, according to POLITICO, Equifax was awarded a $7.25 million contract in October last year ‘to verify taxpayer identities and help prevent fraud under a no-bid contract issued last week, even as lawmakers lash the embattled company about a massive security breach that exposed personal information of as many as 145.5 million Americans.’
Image source: POLITICO