Subcommittee on Economic and Consumer Policy to Hold Hearing on Improving Cybersecurity at Consumer Reporting Agencies

Mar 25, 2019
Press Release

Washington, D.C. (Mar. 25, 2019)—On Tuesday, March 26, 2019, the Subcommittee on Economic and Consumer Policy will hold a hearing on “Improving Cybersecurity at Consumer Reporting Agencies.

WHERE:  2154 Rayburn House Office Building

WHEN:  Tuesday, March 26, 2019

TIME:  2:00 p.m.



The hearing will examine: (1) the options available to the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) to promote the improvement of cybersecurity at consumer reporting agencies; and (2) the Government Accountability Office’s recommendations for improving those options. 


  • Consumer Reporting Agencies (CRAs) possess troves of highly sensitive personal information about nearly every American.  They collect information about consumers from businesses, package it into credit reports, and then sell the credit reports to third parties for use in making financial determinations.


  • CRAs are at high risk of attack from hackers.  The Equifax data breach highlighted the full extent of that risk when cyber-thieves gained access to the personal information, including Social Security Numbers, of 147.9 million people.


  • Facing no direct economic pressure from consumers, CRAs do not have the same financial incentives to protect consumer interests as other businesses.  As a result, regulation and oversight of CRAs data security is essential.


  • Federal agencies lack tools to adequately protect consumer information kept by CRAs. The FTC does not have the authority to impose a civil penalty for violations of its Safeguards Rule, but can only seek compensation for consumer losses. The CFPB does not routinely assess data security risks at CRAs, such as how institutions detect and respond to cyber threats.


  • In December 2018, the Democratic Committee staff issued a joint report with the Democratic staff of the Committee on Science, Space and Technology, which provided specific recommendations to prevent a recurrence of the Equifax data breach, including legislation to authorize new enforcement powers for the FTC.


  • GAO will discuss its report on consumer data protection by CRAs, which was requested by Chairman Elijah Cummings, Senator Elizabeth Warren, Senator Ron Wyden, and House Committee on Financial Services Chairwoman Maxine Waters.




Andrew Smith

Director, Bureau of Consumer Protection

Federal Trade Commission


Michael Clements

Director, Financial Markets and Community Investment

Government Accountability Office


Mike Litt

Consumer Campaigns Director



Jennifer Huddleston

Research Fellow

Mercatus Center at George Mason University


The hearing is open to the public, and a livestream will be broadcast here



116th Congress