Loebsack Demands Answers from Equifax on Data Breach

Written by Theresa Rose on September 14, 2017

Washington, D.C. – Congressman Dave Loebsack, along with his Democratic colleagues from the Energy and Commerce Committee, demanded answers from Equifax after the company announced a massive data breach has compromised the personal information of more than 143 million Americans. In a letter sent to the Richard Smith, the Chairman and CEO of Equifax, the members laid out a series of questions to gain additional information about who was affected, how Equifax plans to make impacted customers whole and what the company is doing to ensure additional breaches do not occur. The letter also asks why Equifax took more than a month to notify consumers of the unauthorized access to their personal information.

Information is available on the Iowa Attorney General’s website for Iowans whose data may have been compromised.

“We are writing with serious concerns about the immense scale of this data breach, and we have a number of questions about whether Equifax took appropriate steps to safeguard the personal information of consumers,” the Energy and Commerce Committee members wrote in their letter. “Your company profits from collecting highly sensitive personal information from American consumers- it should take seriously its responsibility to keep data safe and to inform consumers when its protections fail.”


The letter requests answers to detailed questions, including:

  • Why did it take Equifax more than a month to announce this massive data breach?
  • How did Equifax determine that offering credit monitoring services for one year – provided by Equifax itself – would be adequate to make consumers whole?
  • How much money per year would an affected customer pay Equifax to extend the “complimentary” credit monitoring services beyond one year?  How much money would Equifax make after one year on credit monitoring services that would be unnecessary but for Equifax’s failure to safeguard consumer data?
  • What measures is Equifax implementing after the event to improve the protection of consumer information residing on its network?
  • What measures is the company taking to investigate the sale of stock in the aftermath of the company’s discovery of the data breach, including whether these or other executives sought to delay the announcement of the data breach?
  • What measures, other than offering credit monitoring services and identity theft protection, is Equifax taking to mitigate harm to consumers?