Equifax faces big fallout

The storm cloud hanging over Equifax as a result of last week’s announcement of a massive data breach isn’t leaving anytime soon. A group claiming to be responsible for the hack is demanding $2.6 million in ransom, or it will dump data on as many as 143 million Americans this week.

Before that even happened, the company was already getting bashed on seemingly all sides, from Congress to the courts to the stock market to foreign governments. The National Consumers League, among others, criticized Equifax for adding “insult to injury” with a clause that forbid customers from joining a class action lawsuit if they accept the company’s complimentary year of credit monitoring. Under pressure from that criticism, Equifax reversed course late last week.

Equifax has reportedly hired Mandiant, a division of FireEye, as part of an investigation into the breach, although FireEye has not confirmed that. As House Homeland Security Chairman Mike McCaul said, “The Department of Homeland Security, a nexus between the private sector and government for cybersecurity, provides assistance during and after cyber incidents, but it will take all stakeholders being actively engaged for us to make real forward movement on the cybersecurity front.”

There are now at least three House committees planning hearings related to the Equifax breach: Financial Services, Energy and Commerce and Judiciary. “I am deeply concerned about the cyberattack against Equifax that may have affected 143 million American consumers and that it took the company over a month to notify the public about this intrusion,” said Chairman Bob Goodlatte in a statement to MC. “The House Judiciary Committee plans to hold a hearing on this data breach this fall and review our current laws to determine if they can be strengthened to better prevent cyberattacks and protect Americans’ privacy.”

HAPPY MONDAY and welcome to Morning Cybersecurity! As deaths go, “fiery death on Saturn” ain’t so bad. Send your thoughts, feedback and especially tips to tstarks@politico.com, and be sure to follow @timstarks, @POLITICOPro, and @MorningCybersec. Full team info below.

THE WEEK AHEAD — The Senate this week is poised to take up its annual defense policy bill. The authorization measure for the 2018 fiscal year — which fully funds the Trump administration’s U.S. Cyber Command budget request — could be a vehicle for any number of hundreds of proposed amendments, some of which are cyber-related. Elsewhere, the House Homeland Security Committee on Tuesday will hold its annual threat briefing, with cyberattacks explicitly on the agenda. Acting Homeland Security Secretary Elaine Duke and FBI Director Christopher Wray are among the witnesses. Also, on Thursday, POLITICO Pro holds a policy summit with cyber sessions including conversations with top House Intelligence Committee Democrat Adam Schiff and Dmitri Alperovitch, chief technology officer for Crowdstrike.

Continue reading…