Senate Democrats propose fines for credit reporting agency hacks

Senators Mark Warner (D-VA) and Elizabeth Warren (D-MA) speak before Federal Reserve Chair Janet Yellen testifies before a Senate Banking, Housing, and Urban Affairs Committee hearing on the “Semiannual Monetary Policy Report to the Congress” on Capitol Hill in Washington, U.S., February 14, 2017. REUTERS/Joshua Roberts

January 11, 2018

By Pete Schroeder

WASHINGTON (Reuters) – Two Senate Democrats are proposing large new fines for credit reporting agencies that lose consumers’ personal information in data breaches, according to a bill they introduced on Wednesday.

The bill would impose potentially significant fines against companies like Equifax, TransUnion, and Experian if their cyber security fails to ward off hackers trying to obtain sensitive data. It also would establish a new Office of Cybersecurity at the Federal Trade Commission, and charge it with monitoring cyber security at those companies.

Senators Mark Warner and Elizabeth Warren’s bill is in response to a data breach at Equifax that put the information of 145 million Americans at risk. The bill faces an uphill climb in a Republican-led Congress, but if it became law, would allow the government to fine as much as 75 percent of a credit reporting agency’s gross revenue should a hack occur.

“Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax – and provides robust compensation for affected consumers,” Warren said in a statement.

The bill would fine a company $100 for each consumer that had a piece of personal information compromised in a data breach, with an additional $50 for each additional piece of data put at risk for each consumer. Those fines could add up to 50 percent of a company’s gross revenue.

But that penalty doubles if a company fails to disclose the breach to regulators in a timely manner or has insufficient cyber security in place, and can add up to as much as 75 percent of a company’s global revenue for the last fiscal year.

(Reporting by Pete Schroeder; editing by Grant McCool)

  • NotSure

    I don’t know if I really like the idea of fining victims of criminal activity as another pointed out. Now if said victim hides the fact that they were penetrated, then I could understand being fined but I feel the money should go to the victims. As much as I hate yet another government agency, our nation is woefully behind the times in cyber security and something I feel does need to be done in this arena.

  • AmericaFirst

    So, they propose forming ANOTHER government agency. Great. “Our agency has fined Equifax 200 million, and it only cost the taxpayers 300 million in agency expenses”

  • Rick in TX

    So now we’re levying fines against the victims of crimes?

  • Bill G.

    It’s an election year, and desperate legislators need the spotlight as well as a new list of ‘accomplishments’ such as …. legislation to fine companies who get hacked. What a waste of humanity. I suppose we can all expect to see a lot of hokey, phony-baloney ideas popping up over the next several months.

  • Bill G.

    Who gets fined when the US government gets hacked? Pocahontas Warren?

  • Swampdrainer

    Doesn’t congress have far more important issues to address?

    • Deplorable Jackphatz

      Yes but these are Democrats here.

  • tentom

    Just a money grab … and a chance to expand government.

  • Ralph

    So where would the money go? I mean, besides Warren’s take of 75%. Where would the rest of it go?

    • tedlv

      Certainly not to the victims!