Dive Brief:
- In a rare occurrence, the Federal Trade Commission (FTC) confirmed it will investigate the massive Equifax data breach before potentially issuing charges, The Verge reports. Equifax has yet to comment on the FTC’s announcement.
- Traditionally, the FTC remains silent on its plan of action regarding ongoing investigations. However, due to the large and sensitive nature of the breach, which exposed the data of 143 million U.S. consumers, the FTC found the announcement appropriate, according to FTC spokesman Peter Kaplan.
- There are currently more than 30 lawsuits filed against the firm and congressional pressure regarding the breach is increasing. Several committees have called for investigations into the breach and Equifax's response. In a series of Tweets, Senator Chuck Schumer, D-NY, likened the Equifax breach to the Enron scandal, saying Equifax had "stunningly [and] epically" failed to perform its essential duty to protect sensitive information of people in its files.
What has transpired with @Equifax over the past several months is one of the most egregious examples of corporate malfeasance since Enron.
— Chuck Schumer (@SenSchumer) September 14, 2017
Dive Insight:
Equifax confirmed the breach was result of a bug infiltrating a vulnerable website application, Apache Struts CVE-2017-5638, after failing to implement patchwork made available for it two months prior to the bug’s infection.
The enormous publicity the data breach brought Equifax paved the way for the FTC’s admission of investigation. Dubbed as the U.S. government’s "chief cybersecurity enforcer," the FTC’s handling of the case makes Equifax’s legal fate seem dim.
Experts have widely criticized Equifax for its handling of the data breach, particularly after three executives sold $1.8 million worth of company shares just prior to breach revelations. Many are also critical of the company's failure reveal the breach in a timely manner.
Equifax is not the only company to come under fire from the FTC. To protect consumer rights and personal data, the FTC just settled an agreement with Uber pertaining to its handling of consumer data. The FTC had the website Ashley Madison pay out $1.6 million following its 2015 breach of consumer data and in February, Vizio paid $2.2 million for its unconsented collection of consumer data.