Transcripts For CSPAN2 Equifax Data Breach 20171018 : vimars

CSPAN2 Equifax Data Breach October 18, 2017

Production of consumer data with the Credit Bureau. At Equifax hearings we wanted understanding of how Credit Bureaus are regulated and protect data whether there are gaps have long been concerned about the increasing amounts of big Data Collected by companies and by government. Is critical that personal data is collected Consumer Impact is minimized and it is not harmed. The Credit Bureaus play a valuable role to assess a consumer's ability and to facilitate access as with most businesses requires the most data secure you that since the of Consumer Information is safeguarded. Two weeks ago they talked about the methods they use to protect their consumer database as encryption and took it is a sham. Richard Smith noted while some of the database is encrypted at rest but that portal that was compromised was the best ways to protect us is the Data Security industry standards and Credit Bureaus. End up with sensitive Consumer Information and what rules the federal agencies play with Data Security and Credit Bureaus given that that is a Financial Institution how does Data Security and oversight compared to that of traditional Financial Institutions? I look forward to hearing from our witnesses to ensure they have those security measures in place to the oversight of Data Security at the Credit Bureau. The Equifax Breach of left with a 145 Million Consumers confused as to what can be done to mitigate damages to their identity and credit we feel starting in January Equifax will offer all customers to unlock their credit file for free. For consumers to monitor their Credit Reports. Many rebated confused about which options are best but this hearing will hopefully provide additional clarity we have a shared interest to ensure the Credit Bureau takes the necessary measures to minimize the risk of another breach.
Under current law if we like it or not Companies Like Equifax can collect personal information from the social media of profiles to track our Grocery Store purposes even to track our daily commutes. They are free to combine and sell the information to other data mining firms use to make decisions like what kind of car or job those like Equifax rarely have to tell us how these decisions are made if they hide behind those pray for it for tight proprietary models. And if they protect people as a recent breach demonstrates the in late to work perfectly to protect consumer data with 145 million data have their data exposed it doesn't seem that corporate data. Because consumers have no place over what is over their Consumer Protection as an afterthought. Talk about those inadequate protections we cannot forget 145 Million People who through no fault of their own have the compromise we don't just talk about how we strengthen cybersecurity and examined the effect of the Credit Bureau model to have a long history of consumer complaints with long-term effects to get a house in with those other Data Collection companies. And despite their continued failure to provide accurate Credit Reporting Services meant to give up the bonus to make the concession. And to make them even in more vulnerable and unless things change to pay a price for all of the recklessness and in some cases even giving tax dollars to do a pilot for word to what the witnesses have to say on these matters. First to give testimony of the consumer data industry association. With a private information center. Each of those recognized for five minutes and then we will proceed to questions. To the Ranking Member Brown they give for the opportunity to appear before you I am a partner end of the law firm I am appearing today on behalf of the consumer data industry which is a trade association and to protect consumers. Our members include the three national Credit Bureaus.
You have asked us to discuss Consumer Protections but first Important Role played by in our economy two-thirds of GDP comes from consumer spending. With that Credit Reporting system to open a bank account or purchase a cell phone. More than 40 of consumers with that facilitates in addition to fasting and fair and impartial access to the apartment rental and other essentials services. And under the Fair Credit Reporting Act to the at impartiality. Of consumer privacy. The most recent revision of this scheme was the addition of the supervisory agency. The first agency not just examining Credit Bureaus but those that contributed into the Credit Bureaus. That continuous supervision begins in earnest in early 2012 have produced a proactive approach to compliance management for consumers for many years to come. Credit bureaus are subject to federal and state laws and because of the key role they played the Banking System also subject to very specific private Data Security requirements. Credit bureaus are required to ensure they only provide Credit Reports to legitimate people for legitimate purposes. It goes beyond contractual certification including Due Diligence from the customers with the continuous monitoring. Also requiring disposal of Credit Reporting information. In addition the safeguard rule as referred to by the chairman to develop better implement comprehensive antiquity programs. And then to maintain reasonable procedures with sensitive personal information. Those and notify consumers so because of their Important Role they are subject to private contractual data requirements. To handle credit card information required they comply with that Data Security standards to invalidate such compliance with a Third Party Audit of the security procedures to have a great deal less sensitive customer information they are required by the regulators to conduct regular information security. Each of the three national Credit Bureaus each year.
And to share that consumers in businesses with the National Credit reporting system they give for the opportunity to testify will afford to today's dialogue. Thanks for the opportunity to duty to speak with you today. We are in independent Nonprofit Research organization founded 1994 to focus public attention on privacy issues. Arab light to begin to save the Equifax data reach is one of the most serious in our nation's history. On par with the office of Personnel Management 22.5 million the breach shows the security of American Families and even our nation's security there is no simple solution but in my testimony today I outline the steps I believe congress can take with the data breach. And to save it Equifax preacher is remarkable and with the delay of that well-documented security flaw. More than four months past two installed Critical Software updates and precisely the information the individuals rely upon to open Bank Accounts and get car loans and vice telephones including Social Security numbers and driver's license information and also of the data that criminals use to commit Identity Theft and financial fraud. Equifax is clearly responsible for their breach. And with Hitachi Software foundation and also worth emphasizing Equifax chose to collect the personal data because consumers did not provide this information to Equifax. And alas Security Strategy with the 145 million Credit Reports to cause of unprecedented harm to have access to credit card numbers consumers can cancel accounts and change numbers but it is not so easy to change your Social Security number I don't think it is possible to change your data curve. The victims will be exposed to lead in the theft and financial fraud which is already an enormous problem for American Consumers. It is reported almost 400,000 cases of Identity Theft in 2016. And that the cost of the economy per year. Credit reporting agencies in need of reform.
And with those steps that could be taken to establish accountability and transparency and with that information to impact the financial future. This means to have a nationwide credit freeze or more precisely in the disclosure of Credit Reports to beyond the optician basis to recognize the value of the American Economy but the consumer should decide if it is their interest to disclose to a third party they should not have to jump through hoops to put on the blocks in freezes to restrict access they should make the affirmative decision. And you should not have to pay to be told there is fraudulent activity on your account. That problem with Credit Monitoring Services so this makes no sense whatsoever. So the consumer should be notified. And with the contents of the Credit Report. So they know who is receiving information and. Chairman and credo and Ranking Member in the committee thank you for the opportunity I am in adults of Security Policy and in this role of a research and analyze what the policy implications and management. But my testimony will have an element of cybersecurity. And to address Data Security. And increasingly used catch phrase that all companies are Technology Companies for all companies are dated companies this concept of the death play the Important Role to allow companies to compete and thrive in the marketplace. But this also creates risks for corporate leadership to adequately control the risk is objective. The Data Security involves rich Risk Management managing the risks to repair security is the goal they need to understand the vulnerability is they have the consequences. Cybersecurity to discover reformation about that. Those that could craft that message in legal teams to help with those compliance requirements and with those corporations upon others depending on the entity.
There would be a delay between the discovery of the attack in the public notification because analysis needs to be conducted of how old they were breached or compromised. And with that business part and that forensic investigator and how they would share information with that phase. And for that extent of the breach but maybe they could ocher, currently. Congress could consider Data Security they could explicitly for the safeguards rule as problem data via the FTC the dialogue created live Credit Reporting agencies come to a greater understanding to allow for those to correct the Security Posture and congress could regulate the retention of data regardless of the type of affinity congress can establish what could be collected how that must we stored so congress did record to identify and disclose to consumers those elements the power is used will provide consumers with Additional Information that may affect the market place for go figure for the opportunity to testify today in the forge your question. I want to inform the question the senators we have a vote and we will keep the hearing running so we will adjust our attendance in you can make plans accordingly. The question is for the whole panel I only have five minutes. This is each reach number there has been a lot of discussion around the security of the Social Security number that should be used as the identifier Going Forward to we need to get rid of it as a personal identifier? How can we ensure such has a drawback? If we eliminate Social Security number we will have to have some other unique identifier to allow those to know who they're dealing with. My name is Andrew Smith there are tens of thousands of me but if you look at a Bankruptcy Court record if there is no identifier how you know which one?
With simple identification not authentication not that I truly am who I say I am benghazi identify your they do have a role to play whether we need another identifier we are willing to work with you on that to get to the right results for consumers. 84 the question many committees urged the we have never argued for replacement the key point it serves the important purpose that is why it was established and that is where the Legal Authority exists. But the problem was adopted in the private sector to use as the identifier this is contributing to Identity Theft and financial fraud so when we talk about the Social Security number and as we described in the testimony to limit that use digital the be available the private sector. The Social Security number it could lead to do consequences that would it constitutes some level of posture in case there were a breach. By your testimony discuss this encryption with Data Security. As a former CEO mention some of added is a group did well some of that is not our their standards that should be across the board to a identifiable information? Maybe they could prevent that Equifax Breach? So to eliminate that as risk management that they may face with their conduct or their business there is federal guidance created of the implementation and practices of the use of encryption of the data process. So what is implemented where they apply a the encryption and how those keys have legitimate access to continue to conduct business. The FTC has law enforcement authority and we feel as though we are not unsupervised with respect to the Data Security. We have our banking customers that are regularly auditing us and I say however if there are gaps in supervision we would be happy to talk with you about that. Very quickly. To safeguard rules and important Data Security standards only applies right now after the fact. They can only act against a Credit Reporting Agency once the breach occurs.
We think they should have the ability before to inspect and determine compliance with standards. Senator Brown. You stated Credit Reporting systems provide critically important benefits and you went on to say indispensable to the economy. I think we all agree with that, so my questions I will start with you and please give a yes or no on this. Do you think the breach or the failure of the Credit Reporting agent the whether is Equifax or experience, do you think they could have a systematic impact on the U.S. Financial system? Any agency is hard to judge based on the categories of the agency itself, but it is a possibility that it could have an impact. One of the things we need to keep in mind according to the news report the Credit Reporting database wasn't in fact compromised. The compromise of the Credit Reporting database I would have to think about whether it would present that you're the one that starts off saying that the has benefits with a breach of 145 million you don't think it does have a systemic impact in the Financial System? I think that the risk could be managed. Is that a yes or no to the systemic impact? I am not prepared to say that they would have a systemic impact but I would like to think that through. How would you define systemic impact? 145 million sounds systemic. Most of us or our family members have tried to fix inaccuracies that result in the three of the most complained about from collecting new data or providing other services until th
