The tool for consumers to check if their data was stolen doesnt really work, Equifax is supposedly offering free credit monitoring but no one can sign up yet, and several of its executives mysteriously sold off stock before the breach was announced. In short, its a disasterand lawmakers arent happy. Transform your business with infrastructure, services and tools for integrated cloud computing. Senturus comprehensive library of Cognos and Business Intelligence presentations and information. All of them are free and we add new resources regularly. Among those taking action, three Democrats on the House Energy and Commerce Committee didnt waste any time on Friday digging into the companys questionable response. In a letter Friday, US Representatives Frank Pallone, Jr., Diana De. Gette, and Jan Schakowsky tasked the Government Accountability Office GAO with evaluating whether Equifaxs reaction to the breach will in any way benefit the millions of Americans now at risk of financial fraud. After all, Equifax is itself a credit reporting agency theres plenty of irony to go around. Specifically, the lawmakers say theyre alarmed by GEO reports that suggest simply offering to monitor a breach victims credit is not the way to go. The entire purpose of offering this service, according to GAOs findings, is to avoid liability while offering consumers peace of mind. After the Office of Personnel Management OPM was breached in 2. Find and compare IT Asset Management software. Free, interactive tool to quickly narrow your choices and contact multiple vendors. This section identifies the labor categories and specifies the minimum for personnel required by this contract. Manager Key Personnel. Across is a publisher technology platform that powers quality publishers to earn revenue, optimize yield, and gain actionable insights. Through our advanced. We knew it wouldnt be long before Congress demanded action in response to the Equifax data breachparticularly since several of its members are among the 143. However, the GAO later found that this decision was not based on any actual analysis of whether or not the services were truly effective, the lawmakers said. While putting peoples minds at ease is certainly a service, its hardly a substitute for a genuine shield against identity theft. Simply compensating consumers whose data has been hacked with a year of monitoring is not going to be enough. Questions remain about whether purchasing and providing credit monitoring for customers is the optimal way to respond to data breaches, the lawmakers wrote. In particular, we are concerned that the popular response may reflect factors unrelated to the actual protection of breach victims and reliance on these products after the breach may result in consumers being lulled into a false sense of security. The Democrats have asked the GAO to take another swing at determining precisely what post breach solutions would benefit victims of data theftand not just those impacted by Equifax. The lawmakers would like to know, for instance, as do we all,To what extent does the most effective solution vary by breach type, victim characteristics, demographics or other key factors Theyve also asked To what extent are the services offered determined by price and To what extent are they determined by their level of protectionThis incident shows how urgent the need is to find better ways to protect personal data, Rep. Diana De. Gette, the ranking member on the House subcommittee on oversight and investigations, told Gizmodo. Clearly, as a country we need to craft new means to keep thieves and hackers from obtaining and using personal information. Simply compensating consumers whose data has been hacked with a year of monitoring is not going to be enough. Should the GAO identify effective post breach solutions and obstacles that impede their use, De. Gette and her colleagues have also asked for new recommendations on how both the federal government and the private sector can more widely leverage these solutions to the benefit of data breach victims. Its difficult to assess whether Equifaxs offer will actually help anyone. Despite its lengthy press release, the company has revealed next to nothing about the breach and the types of data stolenbeyond saying as many as 1. The company didnt disclose the breach for more than a month after detecting it, a decision which has drawn significant criticism. And the nature of the website application vulnerability supposedly responsible for the breach itself also remains unclear. The ambiguity with which the company has described the incidentthey have referred to it as a cybersecurity incident and an intrusioncould indicate that a hacker, or hackers, went to painstaking lengths to steal its customer database. One would presume they intend to use it. But for all we know now, the company mightve simply left the door wide open, its databases made accessible through some serious lapse in security to virtually anyone with a web browser and the right IP address. What can be weighed, however, is Equifaxs response after learning about the breach Is the company doing everything it can to do right by its customers Or is it acting solely in its own self interest, taking only the steps necessary to reduce its own liability So far, the outlook is not great. Offering to monitor the victims credit is the very definition of the least Equifax could do. It is a threat to our economic security. But now there are other concerns Troubling language has been discovered on the website Equifax set up to allow its customers to check to see if their personal information was exposed. Few whove signed up likely noticed the arbitration clause in the terms of service that restricts them from participating in any class action lawsuits arising from the incident. Seriously, this is a thing. The GAO evaluation is only one of several investigative measures being pushed by members of Congress. It is a threat to our economic security, Sen. Mark Warner tweeted. He floated several ideas for legislation to address cybersecurity nightmares like the Equifax breach, including notification standards for companies to tell consumers about hacks. It doesnt look like Energy and Commerce is going to be the only committee trying to get answers from Equifax, either. Rep. Ted Lieu is calling for the House Judiciary Committee to hold a hearing on the breach. Lieu wants Equifax to testify, of course, but he wants their major competitorsExperian and Trans. Unionto come to the table, too. Each company, he said, should be required to explain how it is taking proactive, defensive steps to prevent such breaches in the future. On top of the investigative hearings, some members of Congress are already pushing for legislation that would create stricter regulation of credit reporting agencies. Sen. Brian Schatz announced that he plans to reintroduce legislation he drafted in 2. Gizmodo reached out to Equifax with a list of questions about the data breach Thursday afternoon. No one from company has responded so far, but well update when and if they do. Update, 8 0. 0pm As a helpful reader pointed out below, Equifax has added language to a Q A section on its website addressing the arbitration clause issue The arbitration clause and class action wavier included in the Trusted. ID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.