Mr. Smith goes to Washington...
Negligence at a whole new level.
A few of my questions are:
When was the scanning tool that was installed after the breach purchased?
How did the security team not see that much data being downloaded?
The CEO should have escalated as soon as they shut anything down, so why so long to act?
How is a 5-week escalation considered an escalation at all?
The Fair Credit Reporting Act
"The Fair Credit Reporting Act (FCRA) limits the use of consumer reports and access to credit data to those who have a legally permissible purpose.
Consumer Reporting Agencies (CRAs) like Equifax are entities that assemble consumer information for the purpose of issuing consumer reports to third parties. Consumer reports may be provided for particular purposes including making decisions involving credit, insurance, tenant screening, and employment screening."
"The FCRA requires that CRAs employ “reasonable efforts” to verify the identity of those to whom they supply consumer reports and that the recipient has a permissible purpose to use the report. The Dodd-Frank Act transferred most of the rulemaking responsibilities to the Consumer Financial Protection Bureau (CFPB), but the FTC retains enforcement authority under the FCRA."
Source - https://www.ftc.gov/enforcement/statutes/fair-credit-reporting-act
Feel free to leave your own comments!
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
http://docs.house.gov/meetings/IF/IF17/20171003/106455/HHRG-115-IF17-20171003-SD002.pdf
I sourced it from https://www.ftc.gov/enforcement/statutes/fair-credit-reporting-act