January 11, 2018
If Democrats in the U.S. Senate have their way, credit bureaus that expose the personal or payment information of consumers through inadequate data security will be subject to enormous fines. Proposed legislation introduced by Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) mandate fines for breached companies that would have totaled more than $1.5 billion in the case of last fall’s intrusion at Equifax.
Data security breaches like those at Equifax (in which the personal information of 145 million was stolen by hackers) have flooded the Dark Web with information to monetize and served as a catalyst for a sharp rise in account takeover fraud.
Many U.S. states have implemented laws penalizing companies that have experienced breaches, but Congress has been unable to do so at the federal level, despite earlier attempts. This particular bill would affect only credit bureaus due to the scope of information such organizations collect, but congressional scrutiny is sure to continue while breaches continue.
According to the Identity Theft Resource Center, in the U.S. in 2017, there were 1,339 data breaches resulting in the theft of nearly 175 million records. Other estimates, such as Gemalto’s Breach Level Index suggest many more. Around the world in the first half of 2017, Gemalto said nearly 2 billion data records were compromised.