Last year Equifax sheepishly admitted that it had breached hundreds of millions of Americans’, Britons’ and Canadians’ private financial data and then suppressed the news (subsequent months revealed that the company had suffered multiple breaches, so many it didn’t know what it had lost and wasn’t looking very hard).
It’s been a year since grandstanding politicians said they’d Do Something about Equifax to prevent this kind of thing happening again.
In that year, those politicians have done precisely nothing.
What was supposed to happen: After the first of several hearings involving Equifax, Sen. Chuck Grassley (R-Iowa), chair of the Judiciary Committee, said it was “long past time” for federal standards for how companies like Equifax secure data.* Data security wasn’t the only anticipated reform. Congress appeared poised to create a national breach notification law governing how and how quickly companies must notify anybody whose personal information is stolen in a breach. Currently, to the chagrin of national retailers, those laws vary state to state.
* Several investigations were supposed to penalize the credit bureau for lax cybersecurity, including failing to patch the vulnerability hackers exploited despite government warnings.
What actually happened: The bills petered out.
After Equifax’s mega-breach, nothing changed [Joe Uchill/Axios]