Credit firms skip hearing on identity theft, data breach
Vowing aggressive action in response to the massive Equifax data breach, a panel of New York lawmakers gathered Thursday to hear from consumer advocates and financial services firms alike about the best ways to safeguard sensitive information and prevent cyberattacks.
Equifax and the two other major credit monitoring firms didn't show up.
The companies' decision not to attend irked lawmakers, who said they'll push ahead with plans for tougher regulations on credit monitoring firms following a cyberattack on Equifax that exposed sensitive information belonging to 143 million Americans, including 8 million New Yorkers.
"I see that as a real slap in the face to the 20 million residents who call New York home," Sen. David Carlucci, a Rockland County Democrat, said of the companies' decision to decline the invitation to appear. "We want answers. We want to find out what happened."
In response, Equifax spokeswoman Marisa Salcines said that while her company "respectfully declined" to attend the hearing, "we are actively engaging with and being responsive to state and federal regulators, agencies and legislators and will continue to do so going forward."
Messages left with the other two companies were not immediately returned Thursday.
Carlucci and other lawmakers say they will push ahead with legislation that would impose greater regulations on the credit monitoring industry. One proposal would require the companies to report any breach within 15 days. Others would require the companies to provide free credit freezes to people whose information has been exposed or allow consumers to request a credit freeze with all three companies with a single phone call.
While the companies themselves didn't attend the hearing, some industry representatives did. One was Matthew Mincieli, executive director of TechNet, a national organization of leaders in technology companies. Mincieli warned lawmakers to be cautious with new regulations, noting they could inadvertently hamstring other industries.
"New rules that might be targeted to Equifax, if they were written broadly enough, could impact companies in the tech sector," he said.
The state's top financial watchdog, state Superintendent of Financial Services Maria Vullo, welcomed the call for more regulations on credit monitoring firms. She encouraged lawmakers to include "teeth" in any new regulations that would ensure companies follow the rules.
"If you don't comply with the law, then you're not entitled to the privilege of doing business in the state," she said.
Attorney General Eric Schneiderman also is investigating the Equifax breach and has written to TransUnion and Experian seeking information on what security improvements, if any, they've made since the breach.