Equifax headquarters in Atlanta. (Photo: AP)
The Government Accountability Office is recommending that the Federal Trade Commission be given stronger authority to enforce data protection laws, and that the Consumer Financial Protection Bureau improve its oversight and supervision of consumer reporting agencies like Equifax.
GAO made the recommendations in a recent report, "Actions Needed to Strengthen Oversight of Consumer Reporting Agencies," which was requested by Sen. Elizabeth Warren, D-Mass., and Chairman of the House Oversight and Reform Committee Elijah Cummings, D-Md.
Recommended For You
The lawmakers requested the report on Sept. 15, 2017, eight days after Equifax publicly announced a massive data breach that ultimately affected more than 145 million Americans.
"The Equifax breach revealed major gaps in how CRAs protect and use consumers' private information, and the report we released today confirms that vulnerabilities still exist," said Warren and Cummings, in a statement.
GAO has issued "very clear recommendations on how to protect consumers, so let's follow them. We need to give the FTC more tools to crack down on consumer data abuses and the CFPB needs to do its job, hold these firms accountable, and protect consumers."
The 2017 data breach of Equifax "highlighted the data security risks associated with CRAs," GAO states in its February report. "While companies in many industries have experienced data breaches, CRAs may present heightened risks because of the scope of sensitive information they possess and because consumers have very limited control over what information CRAs hold and how they protect it. These challenges underscore the importance of appropriate federal oversight of CRAs' data security."
There are hundreds of CRAs in the U.S., collecting and selling data used to make decisions like whether to grant credit or employment or whether an applicant qualifies for insurance.
The House Oversight and Reform Subcommittee on Economic and Consumer Policy, chaired by Rep. Raja Krishnamoorthi, D-Ill., is conducting a Tuesday hearing to examine GAO's recommendations, as well as efforts by the FTC and the CFPB to oversee consumer reporting agencies' handling of consumer data.
Warren and Chairman Cummings requested a previous GAO report, which was released last August. The reported, which reported specifics on the breach, found that in July 2017, Equifax system administrators discovered that attackers had gained unauthorized access via the Internet to the online dispute portal that maintained documents used to resolve consumer disputes, and that the Equifax breach resulted in the attackers accessing personal information of at least 145.5 million individuals.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Melanie Waddell
Melanie is senior editor and Washington bureau chief of ThinkAdvisor. Her ThinkAdvisor coverage zeros in on how politics, policy, legislation and regulations affect the investment advisory space. Melanie’s coverage has been cited in various lawmakers’ reports, letters and bills, and in the Labor Department’s fiduciary rule in 2024. In 2019, Melanie received an Honorable Mention, Range of Work by a Single Author award from @Folio. Melanie joined Investment Advisor magazine as New York bureau chief in 2000. She has been a columnist since 2002. She started her career in Washington in 1994, covering financial issues at American Banker. Since 1997, Melanie has been covering investment-related issues, holding senior editorial positions at American Banker publications in both Washington and New York. Briefly, she was content chief for Internet Capital Group’s EFinancialWorld in New York and wrote freelance articles for Institutional Investor. Melanie holds a bachelor’s degree in English from Towson University. She interned at The Baltimore Sun and its suburban edition.
