Equifax possibly profiting off data breach, Sen. Warren says

After introducing legislation targeting credit bureaus' bottom lines, the Massachusetts senator says, "Equifax is still making money off their own breach."

Dara Kerr Former senior reporter
Dara Kerr was a senior reporter for CNET covering the on-demand economy and tech culture. She grew up in Colorado, went to school in New York City and can never remember how to pronounce gif.
Dara Kerr
2 min read
Sen. Elizabeth Warren speaks during a protest in front of the Consumer Financial Protection Bureau headquarters in November.

Sen. Elizabeth Warren speaks during a protest in front of the Consumer Financial Protection Bureau headquarters in November.

Mark Wilson/Getty Images

Sen. Elizabeth Warren has led the charge against Equifax for not doing enough to protect its customers before it was hit with a major data breach last year. Now she's saying the credit reporting agency might be making money off this breach.

"Equifax may actually make money off this breach because it sells all these credit-protection devices, and even consumers who say, 'Hey, I'm never doing business with Equifax again' -- well, good for you, but you go buy credit protection from someone else, they very well may be using Equifax to do the back office part," Warren said in an interview with Marketplace. "So Equifax is still making money off their own breach."

Equifax was hit with a massive data breach in September, when hackers stole data on more than 100 million consumers. Personal details like Social Security numbers and addresses were stolen, which has left those customers vulnerable to identity theft.

Watch this: Equifax's massive data breach just got worse

Since the breach, Warren, a Democrat from Massachusetts, and Sen. Mark Warner, a Democrat from Virginia, have authored a bill to make the laws tougher on credit reporting agencies. Introduced in January, it aims to make data breaches hurt companies' bottom lines. The legislation also address how credit reporting agencies collect consumer data and what they do to stop hackers.

"The financial incentives here are all out of whack," Warren said in a statement last month. "Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach."

If passed into law, the bill would give the US Federal Trade Commission the authority to inspect the companies that collect vast amounts of financial data on consumers, and to make sure they're protecting that information. It would also let the agency fine these companies in the event of a data breach -- $100 per affected consumer as a minimum. Half that money would be redistributed to the consumers caught up in the data breach.

In the case of the Equifax breach, that would have meant a fine of at least $14.3 billion. However, the fines would be capped at 50 percent of a company's gross revenue from the prior year.

Warren released a report earlier this month called "Bad Credit: Uncovering Equifax's failure to protect America's personal information." In the report, she details the hack and proposes ways to fight cyberthreats, including levying financial penalties against credit reporting agencies that don't fully safeguard their customers' data.  

Neither Warren nor Equifax immediately responded to a request for comment.

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.

CNET en Espanol: Get all your tech news and reviews in Spanish.