A proposed law in the Senate requires credit reporting agencies to protect the data they amass on American consumers from hackers -- or pay the price.
Two Democratic senators want to make the law tougher on credit reporting agencies that get breached by hackers, as Equifax was in 2017.
Sen. Elizabeth Warren of Massachusetts and Sen. Mark Warner of Virginia introduced a bill Wednesday that aims to make data breaches hurt companies' bottom lines. The bill addresses problems the lawmakers say let credit reporting agencies collect consumer data without doing enough to protect it from hackers.
"The financial incentives here are all out of whack," Warren said in a statement. "Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach."
If passed into law, the bill would give the US Federal Trade Commission the authority to inspect the companies that collect vast amounts of financial data on consumers to make sure they're protecting that information. It would also let the agency fine them in the event of a data breach, to the tune of $100 per affected consumer as a minimum. Half of that money would be redistributed to the consumers caught up in the data breach.
"The agencies already comply with the same rigorous data protection standards as banks," said Francis Creighton, President and CEO of the Consumer Data Industry Association, which represents Equifax as well as Experian and TransUnion. "We do not believe the Warren/Warner bill provides a balanced solution to an increasingly complex problem that affects every part of the economy -- including the federal government.
"However, we look forward to continuing to work with Congress to ensure we maintain a vibrant and innovative system that protects consumers without impeding their access to credit," he added.
In the case of the Equifax breach, the $100-per-consumer minimum would have meant a fine of at least $14.3 billion. However, the fines would be capped at 50 percent of a company's gross revenue from the prior year.
Former Equifax CEO Richard Smith told lawmakers that a combination of human error and technical problems prevented the company from patching a critical software bug in time. Hackers used a known vulnerability in software running a computer application called Apache Struts to breach the company's systems, Equifax said.
Warren tried last year to pass reforms in the wake of the Equifax hack, too. She proposed a bill that would have required credit reporting agencies to let consumers freeze their credit indefinitely, and unfreeze it at any time, at no cost. Her other bill would have prevented employers from making hiring decisions based on credit reports. Neither bill made it out of committee before the end of the legislative year.