Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Businesses United States Politics

US Consumer Protection Official Puts Equifax Probe on Ice (reuters.com) 145

From a report on Reuters: Mick Mulvaney, head of the Consumer Financial Protection Bureau, has pulled back from a full-scale probe of how Equifax failed to protect the personal data of millions of consumers, according to people familiar with the matter. Equifax said in September that hackers stole personal data it had collected on some 143 million Americans. Richard Cordray, then the CFPB director, authorized an investigation that month, said former officials familiar with the probe. But Cordray resigned in November and was replaced by Mulvaney, President Donald Trump's budget chief. The CFPB effort against Equifax has sputtered since then, said several government and industry sources, raising questions about how Mulvaney will police a data-warehousing industry that has enormous sway over how much consumers pay to borrow money. The CFPB has the tools to examine a data breach like Equifax, said John Czwartacki, a spokesman, but the agency is not permitted to acknowledge an open investigation. "The bureau has the desire, expertise, and know-how in-house to vigorously pursue hypothetical matters such as these," he said.
This discussion has been archived. No new comments can be posted.

US Consumer Protection Official Puts Equifax Probe on Ice

Comments Filter:
  • Not surprising (Score:5, Insightful)

    by smooth wombat ( 796938 ) on Monday February 05, 2018 @12:11PM (#56070885) Journal

    The con artist administration doesn't want to upset private industry by holding them accountable for their actions (or inactions in this case). Wells Fargo is simply a feel-good tactic.

    After all, if he won't take responsibility for all his failed businesses, because as he'll tell you none of those were his fault, why should other businesses have to be held liable?

    • Re:Not surprising (Score:5, Insightful)

      by bluefoxlucid ( 723572 ) on Monday February 05, 2018 @12:48PM (#56071129) Homepage Journal

      My strategy for identity theft includes legislation requiring the CFPB to follow NIST guidelines on current security technology and implement regulations requiring consumer-ready, current technical countermeasures to prevent identity theft. Regulations are faster to change than legislation (hence the weak language), and the industry doesn't just undo all that overnight (so it has some staying power even with a rogue President).

      The current tech for this is FIDO U2F with RSA and ECC. A device holding 1,000 identities costs $18. You walk in a bank, show your hard ID (e.g. passport, driver's ID), and the bank lets you plug in and associate the physical device with yourself with Equifax, TransUnion, and Experian. After that, opening any new credit account requires having that physical device; and if you lose it, you can call the bank to cancel the association but leave the requirement of verification enabled.

      Banks need a strong physical presence verification process to open credit accounts. You can open a credit account without being at a bank by knowing what car someone drove 10 years ago; that's no good.

      We can do more things to reduce attack surface in the case where the banks are bad actors by way of not doing appropriate verification, such as requiring the bank to be your bank--a branch you physically visited within the past few months, or designated from another branch. Largely, however, we need to remove all the attacks possible from many positions (many points of failure, non-redundant) and consolidate them to a physical bank branch, which we can better-control with stronger regulations on verifying identity (single point of failure, stronger).

      Going after Equifax is important: they concealed this breach, took advantage of their knowledge, and otherwise acted with bad faith. In the broad scope, however, it's only important for procedural reasons: fines and threats of action when breaches happen won't stop identity theft; you have to bring pressure for not having the correct countermeasures in place before breaches happen.

    • People did elect an administration that made cutting back on regulation a central plank of it's campaign. This is part of that. The idea is that the market should sort these things out. People should start demanding their financial institutions stop doing business with Equifax and/or stop doing business with institutions that do.

      Now, you can counter that is virtually impossible, but the counter argument is that if the government would get out of the way there's be more competition. Regardless, people vo
      • Re:Yes and no (Score:5, Insightful)

        by whoever57 ( 658626 ) on Monday February 05, 2018 @01:07PM (#56071243) Journal

        The real solution would be to make these institutions financially liable for the effects of false information in their files.

        Can't get a mortgage because of an error in their files? You should be able to sue Equifax for your loss.

        Can't get a job because a hacker used your details to obtain loans fraudulently: sue Equifax.

        If we are going to reduce regulations, let's eliminate the laws that protect these companies from being sued.

        • Re: Yes and no (Score:4, Insightful)

          by sound+vision ( 884283 ) on Monday February 05, 2018 @01:35PM (#56071419) Journal
          That goes against the part of the Republican platform of making it difficult to sue. It would create a loophole in the grand plan. Even if they do decide to go schizo on that particular piece of it, getting more lawyers involved has never made anything happen efficiently. Litigation needs to be the final resort when regulations have failed to prevent laws from being broken.
        • by DogDude ( 805747 )
          sue Equifax

          Hahahahahahahahahahahaahahahahahahahahahahahahahahahahahahaha
          Obviously, you've never been involved with a lawsuit, before.
      • To be clear, states elected that administration, not people. People, FWIW, didn't want any of the candidates, but favored Trump's opponent by about three million.
    • this is one of the rare instances where a corporate death penalty would have served the economy. The flaw in corporations is they can sometimes be a vehicle for externalizing risks from the people who profit when risks harm others. Having the share holders and board punished is the only way to prevent that flaw in the corprorate system. If you amass information on other people it creates a risk to those people that didn't exist before. It's your responsibility to protect that and if you don't there has

      • by slew ( 2918 )

        FWIW, I think that just like "human death penalty" doesn't have and deterrence value, similarly, the "corporate death penalty" is the same. People (and corporations) simply don't factor in that as part of their cost analysis before committing the crime.

        It's good political theater to talk about "death penalties", for punitive or retribution value, but as an actual deterrent, I think "death penalties" are of very little value. Basically you get a bunch of rank-and-file folks losing their jobs and a bunch of

    • Re:Not surprising (Score:5, Insightful)

      by orgelspieler ( 865795 ) <[moc.cam] [ta] [eifl0w]> on Monday February 05, 2018 @02:28PM (#56071807) Journal
      I'm pretty sure once Yellen leaves, they will completely (and quietly) undo the Wells Fargo thing. And there will be a new Twitter spasm by the orange rage machine that everybody will be talking about instead.
  • by charlie merritt ( 4684639 ) on Monday February 05, 2018 @12:12PM (#56070893)
    Federal consumer protection against predatory PayDay loans was "relaxed" also. Gotta save Equifax? How much did they contribute?
    • by Anonymous Coward

      Isn't it the opposite of dereliction of duty if you're appointed specifically to break shit and not be good at your job? That's why an idiot with no experience in education is running the Department of Education, that's why a fossil fuels shill with a history of suing the EPA is now running the EPA, that's why a right wing radio blowhard was nominated as USDA's chief scientist even though his background in science was that he took a science class once in college.

  • by Anonymous Coward

    "the agency is not permitted to acknowledge an open investigation"

    Which is it?

    • by hey! ( 33014 )

      According to the reporter's sources within the agency, it is on ice. According to the agency's official spokesman, "no comment."

      That's what TFA says at least, and even the summary here gets it right.

  • Big news! (Score:5, Funny)

    by GrahamJ ( 241784 ) on Monday February 05, 2018 @12:17PM (#56070927)

    News Flash: Trump’s picks don’t do their jobs.

    In other news: The sky is blue.

  • To Big to Jail.

  • CFPB? (Score:1, Interesting)

    by Anonymous Coward

    Is the CFPB even supposed to be dealing with this? Yes, Equifax is a "financial" outfit, but CFPB is about fraud and abuse in mortgages, credit cards and student loans (according to it's vaunted former director Cordray.) CFPB is now the official identity theft arm of the Federal government? This story is based on the false premise that CFPB is supposed to be investigating this.

    • Re:CFPB? (Score:4, Insightful)

      by Anonymous Coward on Monday February 05, 2018 @12:53PM (#56071161)

      The CFPB is about protecting the consumer from abuse from the financial sector. This is well within their scope.

      And if they don't anything no other entity in the government will do anything. The credit bureaus and every other firm that collects consumer data needs to be regulated severely because as we have seen time and time again, business is incapable of operating responsibly. And when caught, there is hardly any recourse for the consumer and when there is, it is so watered down as to be pointless - mandatory binding arbitration is a perfect example. The consumer will never get a fair shake.

  • by JoeyRox ( 2711699 ) on Monday February 05, 2018 @12:31PM (#56071007)
    Those pesky consumers have been running roughshod over our sacred corporations for too long.
  • Regulatory Capture (Score:5, Insightful)

    by sasparillascott ( 1267058 ) on Monday February 05, 2018 @12:32PM (#56071015)
    This is when someone from the industry or similar industry being regulated gets someone who was their former employee to head the agency that is charged with regulation or in this case protecting consumers from these industries put in as head of the regulating agency to effectively prevent it from acting on behalf of the citizens of the U.S..

    This condition is pretty new (at least on the widespread scale it is). In 1970, lobbyists who didn't work for companies and were policy or foreign policy specialists numbered around 100. By 1990 that number was more than 10,000 and nearly all worked directly for companies. Effectively the U.S. government has been taken over by corporate interests in that time (its far more blatant like here with Mr. Mulvaney with the Republicans who have no shame in it being public). Not sure how we get out of it either, seems self reinforcing.
  • by houghi ( 78078 ) on Monday February 05, 2018 @12:33PM (#56071025)

    In Belgium we haver the National Bank (BNB) who hold all information of all credits. I am just goig to talk about personal credits, not proffesional credits as I do not have enough knowledge about that.

    If you go to a bank or credit company or car dealer ship or store and want to open a credit or loan, there will be some things that they will need to verify:
    1) Are you of legal age
    2) Do you live in Belgium officially
    3) Are you on the BNB blacklist
    4) Will you be able to pay back.

    So the first time you go, there will be nothing on the BNB and if your income - your cost of living (rent , clothing and food) leaves sufficient room for a credit or loan, you get one.
    e.g you make 1000EUR. Rent is 500 and cost of living is 500, no loan. You make 1250, you could get a loan up to 250EUR per month in payback.
    Say you take one of 100EUR. the next one will be a max of 150EUR.
    Yes, cheating is possible. It is called fraud, so nothing to do with any of this.
    If the customer is unable to pay (this includes going in red for more than 3 montths with your bank account) you will be on the black list for 1 year starting from the moment you have paid back the amount you are behind, regardless if you have enough. That means no loan, no new car, no house you can buy.

    Every company that gives loand has to check this. If you give a loan to a person on the blacklist, he does not have to pay it back. you can ask nicely, but if there is a loss, it will be 100% on the company. If you give a loan of somebody who clearly could not pay it back, you will be 100% resposible if they don't. (Fraud is something different)

    Every bank does this. That mean that every bank must be able to see the needed (not wanted) information. So what does e bank see?
    1) The number of kredits
    2) Type (e.g credit, loan, ...)
    3) The monthly payment if the total amount is used
    4) The total amount
    5) Blacklisting due to late mpayments more than 3 months.

    What do they NOT see?
    1) The name of the other companies
    2) Late payments less than 3 months.

    Each person has the possibilaty to ask the information and they will get the names of the company.

    This obviously works over secure Internet. So even IF people would get the database, the things you can do with it are pretty limited. As a company we already have access. If you are not a compamy who does loand, you are unable to do anything with it.

    • Every company claims to be a loan company. If they bill, they claim they are loaning you the money until the bill is paid (That's what it means when it says that currency is legal tender for paying all debts public and private, you order a steak at a restaurant, you took out a loan)

      Just because the government has this information it does not mean that no-one else has a database on you. Numerous organizations collect and trade all sorts of info and link it based on just a few identifiers which for some mysti

      • by houghi ( 78078 ) on Monday February 05, 2018 @01:28PM (#56071383)

        In Belgium you need to be a loan company to get access. That means not just saying that you are one, you need to prove that you are one and then you need to fullfill several tests.

        That is the reason that the majority of the chains who sell something on credit do not do the credit part themselves. That is outsourced to a credit company. This because they are unable (not unwilling) to fullfill all the requirements.

        And it does not matter what they cvlaim. They need to follow the law and the law is pretty clear in that saying that there is a difference in late payment and a loan.

        The gathering of information in Europe is also limited as well as what you can do with it, by law. Yes, some will do illegal stuff. Just because murder is illegal does not mean nobody does it. Laws are because of accountability, not prevention.

      • by Anonymous Coward

        Every company claims to be a loan company. If they bill, they claim they are loaning you the money until the bill is paid (That's what it means when it says that currency is legal tender for paying all debts public and private, you order a steak at a restaurant, you took out a loan)

        Wrong.

        You have to know about the history of currency in the United States to fully grasp why those words are there. The simple explanation is the Coinage Act of 1965, Section 31 U.S.C. 5103[1], entitled "Legal tender," states: "

    • Sssh! This is yet another "bash America" thread. Take your facts and shove off! We need an emotional release because a man we don't like is president. Can't you give us that?
  • The news these days is continually awash in tales of nefarious goings-on, but almost always from anonymous sources, and no less the case here. When some leaker puts out an insider scoop (or some reporter invents one) without a name attached, remember that it's to serve someone's agenda and treat it like a rumor, because that's what it is.
    • kill yourself, pussy
    • by Anonymous Coward

      In this case, the source of the leak is probably from within the agency itself, from some investigator who is upset that the new management is working for the corporations that they're supposed to be protecting people from. Perhaps the hope is that by leaking to the press they can shame somebody into reversing the decision.

      dom

  • We will never be able to undo all the damage Trump has done and will do!
    • I dunno, we lived through Clinton. If we can manage Clinton, Bush I and Obama, well, we're doing okay.
  • "So long as big corporations are making money, who gives a shit about stupid little peon citizens and their stupid little problems?"
  • This is part of Humpty-Trumpy's "Making America Great Again" by eviscerating all those "job killing" regulations like:
    * roll back protecting the environment: clean air/clean water, allowing coal companies to dump into rivers
    * roll back privacy and corporate limitations in communications: killing net neutrality
    * remove banking regulations https://www.washingtonpost.com... [washingtonpost.com]
    * remove protections for Seniors in Nursing Homes: https://www.democracynow.org/2... [democracynow.org]
    * giving National Park lands to developers: ht [vox.com]
  • by robkill ( 259732 ) on Monday February 05, 2018 @01:48PM (#56071523)

    Not surprisingly, Mulvaney has been taking money from Equifax, Experian, and other entities the CPFB has been investigating, and has delayed, or ended investigations against them.

    https://www.commondreams.org/n... [commondreams.org]

    Then again what else do you expect when the appointed leader of a government organization believes that organization shouldn't exist. (e.g. Rick Perry, Ryan Zinke, Scott Pruitt etc.) Dismantling of government oversight, de facto bribery (not de jure only due to only ridiculously strict interpretations of the bribery law, explicit quid pro quo situations being prosecuted, and seldom even then.)

  • Easy answer (Score:5, Insightful)

    by fahrbot-bot ( 874524 ) on Monday February 05, 2018 @01:49PM (#56071539)

    ... raising questions about how Mulvaney will police a data-warehousing industry ...

    He won't. He was appointed to undermine the Consumer Financial Protection Bureau.

    From Mick Mulvaney to Run Consumer Watchdog Agency He Hates [nymag.com] and others:

    As a congressman, Mulvaney called the CFPB a “sick, sad joke.”

  • Well, I guess that means that Equifax's executives responsible for the data breach matter more than the 143 million Americans who they collected sensitive financial data on.
  • "Both human deployment of the patch and the scanning deployment did not work. The protocol was followed .. The human error was the individual who is responsible for communicating in the organization to apply the patch did not." transcript [house.gov]

    Sole Equifax security worker at fault for failed patch, says former CEO [theregister.co.uk]
    • It's not any of our responsibility on who Equifax choosers to hire or promote into key roles. Equifax should stand by their own decisions and make it right when they fail. I don't actually care about the details or whose fault it is, because fault is not the same thing as responsibility.

  • These stories are THE BEST propaganda tools!

    all the folks screaming about this May want to read what the CFPB actually is, what power they actually have, and what their actual responsibilities are:

    https://en.wikipedia.org/wiki/... [wikipedia.org]

  • I wish there really was a "deep state" which could keep crap like this from happening. This is why we need professionals in DC who are interested in keeping their jobs rather than taking care of the people who'll keep them rich once they're kicked out of their jobs.

System checkpoint complete.

Working...