Newsroom

March 02, 2018

2.4M new consumers fall victim to last year's Equifax breach

Equifax last week confirmed that approximately 2.4 million more U.S. consumers had personal identifiable information compromised in the company's massive data breach last year – bringing the total number of people affected to more than 147 million. NAFCU, as a leading advocate for national data security standards, continues to push for the adoption of data security standards for all entities that hold consumers' information.

The latest announcement revealed that the newest victims had part of the driver's license information stolen and their names. In most of these cases, Equifax said, information did not include consumers' Social Security numbers, home addresses, and driver's license states, dates of issuance, or expiration dates. The company said it will notify those impacted.

Reuters reported that the Senate Commerce, Science and Transportation Committee plans to obtain more information on the latest news.

Last week, NAFCU set the record straight on credit unions' current data security obligations in a letter to House leaders and urged them to move forward with a national data security standard akin to one outlined in draft legislation put forth by Reps. Blaine Luetkemeyer, R-Mo., and Carolyn Maloney, D-N.Y.

The letter, which involved other financial services trade groups, explained that the draft legislation from Luetkemeyer and Maloney would "raise the bar so that all companies protect data similar to how banks and credit unions protect their data, and create a common-sense standard to ensure consumers receive timely notice when a breach does occur."

The draft bill would also recognize the strict standards banks and credit unions already adhere to and would require "companies that are not subject to any current federal requirement regarding breach notification to tell consumers when their information has been compromised."

On Wednesday, the House Financial Services Subcommittee on Financial Institutions and Consumer Credit will hold a hearing to discuss data security and the draft legislation; Luetkemeyer chairs the subcommittee.

NAFCU has also shared with Congress principles credit unions would like to see addressed in any comprehensive cyber and data security legislation.