On Equifax: Menendez, Colleagues Urge FTC to Prevent Second Round of Identity Theft and Fraud

On Equifax: Menendez, Colleagues Urge FTC to Prevent Second Round of Identity Theft and Fraud

“Left ignored, the harm done to American consumers is likely to be multiplied many times over by those who see the Equifax data breach as a scamming opportunity."

    

Washington, DC - United States Senator Bob Menendez (D-N.J.), a senior member of the Senate Banking Committee, today called on the Federal Trade Commission (FTC) to outline specific actions being taken to ensure consumers do not fall victim to a second round of attacks on their personal information following the massive Equifax breach.  Senators Dianne Feinstein (D-Calif.); Tim Kaine (D-Va.); Maggie Hassan (D-N.H.); Jeff Merkley (D-Ore.); Jack Reed (D-R.I.); Ron Wyden (D-Ore.) also joined the letter to Acting Chairman of the FTC Maureen Ohlhausen.

Citing revelations of fraud schemes perpetrated on consumers who voluntarily provided their personal information to scammers, the senators wrote: “Almost immediately after the breach, fake websites appeared claiming to allow consumers to check whether their information was exposed. The websites, sent to consumers via email and text message, are nothing more than phishing sites. In addition, some consumers received calls from entities claiming to be Equifax, with fraudulent representatives asking the consumer to verify account information. Other consumers received calls from entities claiming to be the IRS.”

The senators also expressed additional concerns about Equifax’s own diligence in vetting the links it tweeted to a fake website in response to consumer requests for information and assistance in the aftermath of the data breach.With more than half of the U.S. adult population exposed and vulnerable to identity theft, criminals have an extensive range of potential victims, and the FTC has a critical role to play to protect consumers from additional harm," concluded the missive.  

 

The letter poses five specific questions to be answered by the FTC Chairman:

  1. To what extent, if at all, is the FTC tracking Equifax frauds and scams?  Is FTC tracking this information in conjunction with any other federal agencies?

  2. What steps is the FTC taking to combat Equifax scammers? Please be specific as to how resources are being deployed to combat both internet and phone scams.

  3. What steps is FTC taking to educate consumers and ensure they do not fall prey to frauds and scams related to the Equifax data breach?

  4. Is the FTC working with all three of the major consumer reporting agencies to identify, report, and interdict these frauds and scams? Please be specific as to what steps are being taken.

  5. Does the FTC have sufficient authority and/or resources to effectively combat these frauds and scams? If not, what else is needed?

Menendez has played a leading role in Congress in the aftershock of the massive Equifax data breach, calling for Congressional hearings, pushing Equifax to end use of consumer-harming forced arbitration clauses, requesting industry wide review of consumer reporting agencies, seeking federal investigations of Equifax stock sales due to potential insider trading violations, announcing legislation to strengthen protections for consumers’ personal data, and introducing new legislation to give control over credit and personal information back to consumers

 

The full text of the Senators’ letter to the FTC can be found below.

Dear Acting Chairman Ohlhausen:

As you know, the recent Equifax data breach exposed the personally identifiable information of more than 143 million people. Predictably, a number of unscrupulous actors have used the data breach as an opportunity to take advantage of consumers. We write to request specific information as to what actions the Federal Trade Commission (FTC) is taking to ensure consumers do not fall victim to a second round of attacks on their personal information.

Almost immediately after the breach, fake websites appeared claiming to allow consumers to check whether their information was exposed.[1] The websites, sent to consumers via email and text message, are nothing more than phishing sites. In addition, some consumers received calls from entities claiming to be Equifax, with fraudulent representatives asking the consumer to verify account information.[2] Other consumers received calls from entities claiming to be the IRS.[3] Further complicating matters, through its own Twitter account, Equifax tweeted links to a fake website in response to consumer requests for information and assistance.[4] With more than half of the U.S. adult population exposed and vulnerable to identity theft, criminals have an extensive range of potential victims, and the FTC has a critical role to play to protect consumers from additional harm.

The internet presents a formidable obstacle to law enforcement, with new bad actors constantly replacing those who have been apprehended. Nonetheless, we have a responsibility to do everything within our power to remain vigilant and prevent harm wherever possible. Given the breadth of the Equifax data breach and the potential for widespread abuse, we request answer to the following questions no later than October 30:

(1)    To what extent, if at all, is the FTC tracking Equifax frauds and scams?  Is FTC tracking this information in conjunction with any other federal agencies?

(2)    What steps is the FTC taking to combat Equifax scammers? Please be specific as to how resources are being deployed to combat both internet and phone scams.

(3)    What steps is FTC taking to educate consumers and ensure they do not fall prey to frauds and scams related to the Equifax data breach?

(4)    Is the FTC working with all three of the major consumer reporting agencies to identify, report, and interdict these frauds and scams? Please be specific as to what steps are being taken.

(5)    Does the FTC have sufficient authority and/or resources to effectively combat these frauds and scams? If not, what else is needed?

The severity of the damage inflicted by largescale data breaches demands our immediate attention.  Left ignored, the harm done to American consumers is likely to be multiplied many times over by those who see the Equifax data breach as a scamming opportunity.  Thank you for your prompt attention to this matter.

Sincerely,

 



[1] Wolf Richter, How to protect yourself from Equifax scams, Business Insider (Sept. 20, 2017), at http://www.businessinsider.com/how-to-protect-yourself-from-equifax-scams-2017-9.

[2] Kathy Kristof, Equifax data breach and credit freeze: Beware these 3 scams, CBS News (Sept. 16, 2017), at https://www.cbsnews.com/news/equifax-data-breach-credit-freeze-phishing-other-scams/

[3] David P. Willis, Equifax scams: 5 tricks used by fraudsters, Asbury Park Press (Sept. 22, 2017), at http://www.app.com/story/money/business/consumer/press-on-your-side/2017/09/22/equifax-scams-security/690910001/.

[4] Selena Larson, Equifax tweets fake phishing site to concerned customers, CNN (Sept. 20, 2017), at http://money.cnn.com/2017/09/20/technology/business/equifax-fake-site-twitter-phishing/index.html.