[BreachExchange] Equifax expecting punishment from CFPB and FTC over massive data breach

[Destry Winant]

https://www.housingwire.com/articles/48267-equifax-expecting-punishment-from-cfpb-and-ftc-over-massive-data-breach

Equifax is expecting various forms of punishment from the Consumer
Financial Protection Bureau and the Federal Trade Commission over the
credit reporting agency’s massive data breach that exposed the
personal information of 148 million U.S. consumers to hackers.

The company revealed the expected sanctions in a recent filing with
the Securities and Exchange Commission.

According to Equifax, the CFPB and FTC have both notified the company
that they expect to seek “injunctive relief damages” in regards to the
data breach. Beyond that, the CFPB plans to seek “civil money
penalties,” the company said.

The company added that it has submitted written responses to both
agencies addressing the allegations, and said that it continues to
cooperate with the agencies in their investigations.

The company did not provide an expected timeline for when the
potential punishment will be announced, but the fact that the CFPB is
seeking to fine the company for the breach represents a shift from the
bureau’s recent actions in the case.

A little over a year ago, it was reported that the CFPB, under interim
Director Mick Mulvaney, was not pursuing Equifax with the same vigor
that the bureau likely would have under former Director Richard
Cordray.

Stay ahead of the market with
Daily Update
Around the clock coverage and information about the US mortgage and
housing industry
Sign UpNo thanks

Shortly after Equifax first revealed the data breach, the CFPB said
that it would begin looking into the breach, but Reuters later
reported that Mulvaney’s CFPB had pulled back from investigating the
breach.

According to Reuters, the CFPB also reportedly “rebuffed” offers to
help conduct exams of the credit reporting agencies from the Federal
Reserve, the Federal Deposit Insurance Corp., and the Office of the
Comptroller of the Currency.

At the time, several prominent Democratic Senators blasted Mulvaney’s
reported pullback, with Sen. Elizabeth Warren, D-Mass., calling the
move a “middle finger” to consumers.

Now, it appears that the tide has turned, at least somewhat, with the
CFPB supposedly planning a fine. How much of a fine remains to be
seen, however.

Beyond that, Equifax said that the New York Department of Financial
Services notified the company that it is considering recommending
taking legal action against the company, potentially seeking “consumer
relief and civil money penalties” in the action.

The FTC launched its own investigation into Equifax after the breach
was first exposed, and that action seems to be nearing its end as
well, but those are hardly the only agencies and parties that are
pursuing Equifax over the breach.

According to Equifax’s SEC filing, the following agencies are
investigating the breach: 48 state Attorneys General offices, the
District of Columbia, the FTC, the CFPB, the SEC, the Department of
Justice, other U.S. state regulators, certain Congressional committees
of both the Senate and House of Representatives, the Office of the
Privacy Commissioner of Canada, and the U.K.’s Financial Conduct
Authority.

The company is also facing a number of lawsuits from cities,
shareholders, and more than 1,000 lawsuits from consumers over the
breach.

“Although we are actively cooperating with the above investigations
and inquiries, an adverse outcome to any such investigations and
inquiries could subject us to fines or other obligations, which may
have an adverse effect on how we operate our business or our results
of operations,” the company said in its SEC filing.