A year after Equifax discovered signs of a data breach that exposed 147 million Americans to potential identity theft, the company has yet to be held accountable. On July 29th, 2017, Equifax’s security department identified and started investigating suspicious activity associated with the part of its website where consumers could dispute information on their credit reports. But Equifax didn’t publicly disclose the breach until September 7th, six weeks later.
Earlier this year, Sens. Elizabeth Warren (MA) and Mark Warner (VA) introduced the Data Breach Prevention and Compensation Act, legislation that would implement annual cybersecurity inspections at Equifax and the other national credit bureaus and levy fines against them if they have future breaches. If this policy had been in place during the Equifax incident last year, Equifax would have paid at least a $1.5 billion penalty, half of which would be returned to consumers affected by the breach.
— source uspirg.org July 27, 2018