Security & Fraud

CFPB Action Against Equifax Imminent

Add the Consumer Financial Protection Bureau to the list of federal agencies expected to punish Equifax for the massive security breach that exposed the personal data of around 143 million Americans.

According to a Reuters news report, the consumer finance watchdog, created after the 2008 financial crisis, will utilize the wide-ranging powers it has used with Wall Street to come down on Equifax.

The Federal Trade Commission and the Department of Justice are already investigating the cyberattack. In addition, Equifax is being sued by the state of Massachusetts, and is also facing a class-action lawsuit filed on behalf of 28 million small businesses impacted by the breach and another suit just filed by Summit Credit Union.

Because Equifax is not strictly a financial company, there was uncertainty over whether the CFPB has the power to penalize the firm for the breach. But legal experts said it is likely to weigh in using powers it wields under the 2010 Dodd-Frank Act.

“Its Dodd-Frank mandate gives the CFPB authority to investigate Equifax even without cybersecurity rules,” said Quyen Truong, a partner at law firm Stroock & Stroock & Lavan who was the assistant director and deputy general counsel for the CFPB until early 2016.

The CFPB and legal experts said the regulator could pursue Equifax under an aspect of the Dodd-Frank Act that bans unfair, deceptive and abusive acts and practices (UDAAP). Based on this aspect of the law, the CFPB even fined Equifax in January for allegedly deceiving consumers about the usefulness and cost of credit score information they bought.

A CFPB spokesperson declined to say whether the agency already has plans to open an investigation. In addition to forcing companies to take certain actions or desist from damaging behaviors, the CFPB can fine them up to $1 million per day if a company knowingly violates the law.

Last week, U.S. Senator Elizabeth Warren wrote a letter to the CFPB, which she helped create, stating that it may require additional powers to ensure closer federal oversight of credit reporting agencies.


Latest Insights: 

The Payments 2022 Study: Building A High-Performance Payments Team For Fraud Detection, a PYMNTS collaboration with Stripe, examines how digital platforms of all sectors and sizes plan to develop their anti-fraud teams as part of their their broader growth and development strategies. Drawing from an extensive survey from approximately 250 payments heads at digital platforms in the U.S. and abroad, our study analyzes how poor anti-fraud capabilities can harm platforms’ long-term growth strategies, and how they can build high-performing teams to tackle these challenges.


To Top