Senate Banking Chairman Michael D. Crapo said Tuesday that his staff was investigating the Equifax Inc. data breach, but that he hasn’t decided whether to hold a hearing on the issue and that he wasn’t sure if the breach would affect the GOP’s effort to repeal the Consumer Financial Protection Bureau’s arbitration rule.
Crapo led a committee hearing Tuesday on a separate issue — the promise and the dangers of the burgeoning financial technology industries, like blockchain and mobile lending — but the event was overshadowed by the breach that Equifax has said may have resulted in the theft of personal information of up to 143 million Americans.
“With all the potential for fintech to improve the financial services sector, the industry is still relatively new,” said Crapo, R-Idaho. “Uncertainty remains around questions like data security and the proper regulatory treatment to ensure that consumers and the financial system are safeguarded. The recent Equifax data breach reminds us of the critical need to ensure that areas like data security are given proper attention.”Talking to reporters after the hearing, Crapo acknowledged that he had been asked to hold a hearing on Equifax. Ten of 11 Democrats on the Senate Banking Committee signed a letter asking him to do so. Two House committees — Financial Services and Energy and Commerce — have already announced intentions to hold hearings.
“We are investigating at a staff level and in other ways,” Crapo said. “I haven’t made a decision yet on whether to hold a hearing.”
Ranking member Sherrod Brown of Ohio was the only committee Democrat who didn’t sign the letter, but devoted much of his opening statement Tuesday to blasting Equifax. Brown complained that Equifax is offering those potentially harmed by the data breach, which included names, birth dates, Social Security numbers and in some cases credit card numbers, only one year of free credit monitoring.
“One year of credit monitoring cannot be expected to undo the damage of this breach,” Brown said, noting that after the 2015 breach of the Office of Personnel Management of 4.2 million current and former federal employees, Congress approved 10 years of free credit monitoring.
“We cannot accept any less for the people we serve,” he said.
Brown said he appreciated that Equifax removed the mandatory arbitration clause it had attached to TrustedID, the free credit monitoring product being offered. Until the removal, the company had effectively said it would provide protection from its own breach only if consumers waived the right to join a class action suit over the product that would safeguard consumers from effects of the breach.
Want insight more often? Get Roll Call in your inbox
Calling that “a step in the right direction,” Brown noted that it remains unclear whether consumers can join together and sue the company because arbitration clauses are attached to other Equifax products and on the use of its websites.
Crapo said he didn’t know whether the political furor over the Equifax data breach would alter Republicans’ approach to bringing a resolution to the floor that would repeal the CFPB’s rule barring companies from making arbitration mandatory in consumer contracts.