Did the Consumer Financial Protection Bureau kill its investigation into Equifax’s data breach that exposed the personal information of 145.5 million U.S. consumers to hackers?
Inquiring minds, including one-third of the Senate, want to know.
On Thursday, a group of 32 Democratic senators sent a letter to the CFPB, demanding answers on the state of the bureau’s investigation into the Equifax breach.
The move comes on the heels of Reuters reporting earlier this week that the CFPB is not moving forward on the Equifax investigation as it previously has in a case of this magnitude.
The supposed cooling of the investigation comes while Mick Mulvaney is running the CFPB. Mulvaney, who also serves as director of the Office of Budget and Management, was appointed acting director by President Donald Trump after Richard Cordray officially resigned as CFPB director in November.
Mulvaney’s tenure at the CFPB has taken the bureau in drastically different directions from where it was under Cordray.
In just the last few weeks, Mulvaney told the CFPB’s employees that the agency was ending regulation by enforcement, adding that the agency works not only for consumers, but also for the companies it supervises.
Mulvaney also reportedly stripped the bureau’s Office of Fair Lending of its enforcement powers, announced that the CFPB would “reconsider” its payday lending rules, and defanged the changes in Home Mortgage Disclosure Act reporting that were to take effect this year, just to name a few.
Now, comes news of a reported cooling of the Equifax investigation, and Democrats want answers.
“We are deeply troubled by recent news reports that, under Director Mulvaney’s leadership, the CFPB has stopped its investigation into the Equifax breach,” the senators wrote in a letter to the CFPB.
“The CFPB is currently the only federal agency with supervisory authority over the largest consumer reporting agencies. Consumer reporting agencies and the data they collect play a central role in consumers’ access to credit and the fair and competitive pricing of that credit,” the Senators continued. “Therefore, the CFPB has a clear duty to supervise consumer reporting agencies, investigate how this breach has or will harm consumers, and bring enforcement actions as necessary.”
The senators added that the CFPB has a legal responsibility to investigate the breach.
“As established by the Dodd-Frank Wall Street Reform and Consumer Protection Act, the CFPB has a statutory mandate to implement and enforce federal consumer protection laws. This mandate specifically includes protecting consumers from ‘unfair, deceptive, or abusive acts and practices’ and ensuring that ‘federal consumer financial laws are enforced consistently,’” the senators write.
“The CFPB also has clear supervisory authority over the largest consumer reporting agencies. Consumer reporting agencies and the data they collect play a central role in consumers’ access to credit and the fair and competitive pricing of that credit,” the senators continue. “Therefore, the CFPB has a duty to supervise consumer reporting agencies, investigate how this breach has or will harm consumers, and bring enforcement actions as necessary.”
The senators write that while the Federal Trade Commission may be taking the lead on the investigation into Equifax’s “failure to maintain adequate data security standards,” the CFPB still should investigate the impact on consumers.
“The responsibility of consumer reporting agencies as custodians of consumers’ personal and financial information is of paramount importance to us and our constituents,” the senators write.
“Several committees in both the House and Senate have held hearings to investigate the causes of the breach and the inadequate post-breach response. The CFPB has a statutory mandate to participate in this process by conducting an investigation,” the senators write. “If that investigation exposes wrongdoing or consumer harm, the CFPB has the authority, and indeed a duty, to bring appropriate enforcement actions.”
The senators lay out four main questions (with some sub-questions) that they want the CFPB to answer by Feb. 19, 2018:
- In September, then-CFPB Director Richard Cordray announced that the CFPB would begin a probe into the Equifax breach. Has the CFPB stopped this or any other investigation related to this matter?
- If so, why was that or any investigation halted?
- Who directed the ending of any investigation?
- Is the CFPB planning to conduct on-site exams of Equifax and the other consumer reporting agencies under its supervisory authority?
- Has the CFPB conducted an examination of a consumer reporting agency following the Equifax hack?
- If the CFPB is conducting an investigation, what specific steps has the CFPB taken pursuant to this investigation?
- Has the CFPB issued Civil Investigative Demands (CIDs)?
- Has the CFPB interviewed Equifax personnel?
- Have the CFPB personnel examined Equifax systems or gone onsite to Equifax facilities?
- Is the CFPB coordinating with the FTC, state law enforcement officials, or other Federal regulators in their investigations
The letter is signed by Sens. Brian Schatz, D-Hawaii; Bob Menendez, D-N.J.; Elizabeth Warren, D-Mass.; Sherrod Brown, D-Ohio; Jeanne Shaheen, D-N.H.; Jon Tester, D-Mont.; Chris Van Hollen, D-Md.; Tom Udall, D-N.M.; Heidi Heitkamp, D-N.D.; Tammy Duckworth, D-Ill.; Catherine Cortez Masto, D-Nev.; Jeff Merkley, D-Ore.; Jack Reed, D-R.I.; Ed Markey, D-Mass.; Joe Donnelly, D-Ind.; Tina Smith, D-Minn.; Tammy Baldwin, D-Wis.; Kirsten Gillibrand, D-N.Y.; Gary Peters, D-Mich.; Patty Murray, D-Wash.; Bernie Sanders, I-Vt.; Richard Blumenthal, D-Conn.; Angus King, I-Maine; Ron Wyden, D-Ore.; Maggie Hassan, D-N.H.; Dianne Feinstein, D-Calif.; Mark Warner, D-Va.; Amy Klobuchar, D-Minn.; Debbie Stabenow, D-Mich.; Dick Durbin, D-Ill.; Chris Murphy, D-Conn.; and Doug Jones, D-Ala.