The massive Equifax data breach, which compromised the identities of more than 145 million Americans, prompted a telling response from Congress: It did nothing.
Some industry leaders and lawmakers thought September’s revelation of the massive intrusion — which took place months after the credit reporting agency failed to act on a warning from the Homeland Security Department — might be the long-envisioned incident that prompted Congress to finally fix the country’s confusing and ineffectual data security laws.
Instead, the aftermath of the breach played out like a familiar script: white-hot, bipartisan outrage, followed by hearings and a flurry of proposals that went nowhere. As is often the case, Congress gradually shifted to other priorities — this time the most sweeping tax code overhaul in a generation, and another mad scramble to fund the federal government.
“It’s very frustrating,” said Rep. Jan Schakowsky of Illinois, the top Democrat on the House Energy and Commerce consumer protection subcommittee, who introduced legislation in the wake of the Equifax incident.
“Every time another shoe falls, I think, ‘Ah, this is it. This will get us galvanized and pull together and march in the same direction.’ Hasn’t happened yet,” said Sen. Tom Carper (D-Del.), a member of a broader Senate working group that has tinkered for years to come up with data breach legislation.