[BreachExchange] Shaheen to Equifax: Provide Assistance to Small Businesses Caught up in Data Breach

Thu Sep 28 10:23:56 EDT 2017

http://www.4-traders.com/EQUIFAX-INC-12424/news/Shaheen-to-Equifax-Provide-Assistance-to-Small-Businesses-Caught-up-in-Data-Breach-25187024/

September 27, 2017 - Today, Senator Jeanne Shaheen (D-NH) and
Representative Nydia M. Velazquez (NY-07), the top Democrats on the Senate
and House Small Business Committees, wrote the newly installed leadership
of Equifax about the impact the company's historic cybersecurity breach
will have on the country's 29 million small business owners. They are
seeking answers to how the company will contain the damage and help small
business victims.

In a letter to Mark Feidler and Paulino do Rego Barros Jr., Equifax's
Non-Executive Chairman and Interim CEO, Senator Shaheen and Rep. Velazquez
wrote: "The availability of business credit for small business owners is
inextricably tied to their personal credit score, and we are gravely
concerned about the effect this breach will have on the ability of small
businesses to access affordable credit. Given the significant potential
exposure of small businesses as a result of this breach, we urge you to
provide greater assistance for small business owners and different
protective products."

Senator Shaheen said: "We still don't know the full extent of this massive
breach that compromised the personal information of 143 million Americans,
but it has exposed small business owners to identity theft and a
potentially lower credit score. This could be devastating for these
businesses and their ability to get credit on reasonable terms. Equifax has
an obligation to make this right."

The full text of the letter is below and at:
https://www.sbc.senate.gov/public/cache/files/0/7/07b4c9e5-9672-4c4b-8203-91b9fc882d38/F5A58D4B9248CD7225B3DFF41A40210C.letter-from-senator-shaheen-and-congresswoman-velazquez-to-equifax---september-26-2017.pdf

September 26, 2017

Mr. Mark Feidler, Non-Executive Chairman

Mr. Paulino do Rego Barros Jr., Interim Chief Executive Officer

Equifax

1550 Peachtree Street NE

Atlanta, GA 30309

Dear Messrs. Feidler and Barros:

We are concerned about the impact the historic cybersecurity breach at
Equifax will have on our country's 29 million small business owners. Based
on public reporting, the data breach announced on September 7th compromised
the names, Social Securitynumbers, birth dates, addresses, drivers licenses
and credit card numbers of 143 million American consumers. The availability
of business credit for small business owners is inextricably tied to their
personal credit score, and we are gravely concerned about the effect this
breach will have on the ability of small businesses to access affordable
credit.

As you know, access to capital is one of the biggest challenges facing
small business owners and entrepreneurs. Since the financial collapse,
banks have reduced lending to small businesses. An analysis by Florida
Atlantic University indicates small business loans have decreased by 13.7
percent from 2008-2016, while lending to large firms has increased by 48.9
percent during the same period.

For small business owners, identity theft is especially devastating because
it will affect not only their personal finances but also their businesses
and livelihoods. Lenders, including those who make more than 60,000 loans
annually through the U.S. Small Business Administration's (SBA) loan
guarantee programs, check the credit scores of small business applicants.
If the Equifax data breach leads to identity theft, affected small
businesses could face less favorable terms, including higher interest rates
or outright denial. When a small business owner is denied access to
conventional credit or an SBA loan, they may turn to high-priced,
non-traditional lending sources, which could squeeze cash flow, hurt their
bottom line and jeopardize their home or other collateral.

Given the significant potential exposure of small businesses as a result of
this breach, we urge you to provide greater assistance for small business
owners and different protective products. Freezing credit might be
reasonable and prudent for the consumer who needs a one-time credit check
for a mortgage or a credit card, but it might be much more complicated for
a small business owner who relies on frequent credit checks to address
day-to-day operations. Unfreezing credit is time-consuming, with long pin
numbers that are hard to remember, easy to lose, and a hassle to reset.
Most small businesses do not have the staff or financial resources to
become experts in cybersecurity and identity theft protections, and banking
laws mostly protect consumers, not small business owners. As your website
says, "Unfortunately, in most cases, people do not learn they have been a
victim of identity theft until after the damage has been done."

As the Ranking Members of the Senate Committee on Small Business and
Entrepreneurship and the House Committee on Small Business, we write to
request the following information:

1. What steps are Equifax and its newly formed Special Committee of the
Board taking to educate small business owners about the breach and what it
means for their businesses" Instead of putting the burden on the consumer
to check if their Personal Identifying Information (PII) has been
compromised, why not send letters to your clients as has occurred in other
large-scale breaches?

2. Does Equifax recognize that just as the credit needs of small businesses
differ from consumers, the solutions and protections for small businesses
need to be different in responding to and mitigating the impact of identity
theft" Does Equifax plan to have dedicated lines and agents for small
business owners?

3. How is Equifax working with lenders to establish a safe way to check
credit scores for borrowers seeking a small business loan?

4. How will Equifax ensure that assistance is provided to small business
owners in areas with little or no access to the internet" Currently, it
appears only the Equifaxwebsite can tell you if your information was
compromised.

5. Is Equifax confident that only the credit card numbers for consumers
were compromised and not those of business credit cards?

6. Has Equifax conducted a thorough analysis of its cybersecurity systems
to ensure this does not occur again in the future?

7. Is Equifax aware of how the breach is affecting small business owners
located in the disaster areas" If so, what steps are being taken to assist
them?

We look forward to your prompt response.

Sincerely,

Jeanne Shaheen Nydia Velazquez

Ranking Member Ranking Member

Senate Committee on Small Business & Entrepreneurship House Committee on
Small Business
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170928/56c50a83/attachment.html>