The Federal Trade Commission (FTC) became the first economic regulator to formally announce an investigation into Equifax’s handling of a cyber intrusion that left more than 100 million Americans vulnerable to identity theft.
An FTC spokesman confirmed the probe one day after dozens of lawmakers urged the agency and other government bodies to look into the behavior of the credit reporting company before and after the breach was discovered.
“The FTC typically does not comment on open investigations,” said Peter Kaplan on Thursday. “However in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach.”
The Consumer Financial Protection Bureau (CFPB) and several state attorneys general are also looking into Equifax, according to unattributed statements to journalists.
The company announced earlier this month that the breach resulted in the possible theft of 144 million Americans’ personal information, including social security numbers, dates of birth, and drivers’ license numbers.
On Wednesday, Equifax claimed to USA Today that the compromise was due to a website vulnerability. Cybersecurity professionals told the outlet, however, that Equifax’s failure to install “security updates provided in a timely manner” was responsible for the breach.
Most interesting to lawmakers, and perhaps other investigative bodies, are the actions of company executives prior to the incident. Equifax’s Chief Financial Officer and two other top executives dumped $1.8 million in company stock shortly before the company claims it discovered the breach. The public wasn’t notified until six weeks later.
Schatz was part of a bipartisan group of 36 Senators that wrote a letter to the FTC,…