[Congressional Record Volume 163, Number 151 (Tuesday, September 19, 2017)]
[Senate]
[Page S5836]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]



                                FREE Act

  Ms. WARREN. Mr. President, 12 days ago, Equifax, one of the Nation's 
largest credit reporting agencies, disclosed that hackers had breached 
its system and stolen highly personal information on nearly half of 
America. Social Security numbers, birth dates, home addresses, phone 
numbers, even credit card numbers--all in the hands of criminals.
  Since then, I have heard from working families in Massachusetts and 
all across the country. The Equifax hack is a nightmare. At best, it is 
a giant hassle--time on hold with the credit reporting agencies, fees 
for this service and that service, confusion about what has been stolen 
and what to do about it. At worst, it could be ruinous--a lifetime of 
responsible spending and borrowing wiped out by identity theft and 
fraud. People are outraged, and rightly so.
  Bad enough that Equifax is so sloppy that they let hackers into their 
system, but the company's response to the hack has been even worse. 
First, Equifax hid the information about the breach for 40 days--40 
days. Equifax gave criminals a 40-day headstart to use the information 
they had stolen, while the rest of us were left in the dark.
  Then, when Equifax finally decided to disclose the breach, they 
didn't call or send letters to the millions of Americans who were 
victims of the hack. No, they announced the breach and then made 
everyone go to an Equifax website and turn over more personal 
information to see if they were one of the people who had been 
affected. Once Equifax had the new information, they provided confusing 
and misleading information about whether the person had actually been a 
victim of the breach.
  Worse still, while Equifax was unclear about whether someone's 
information had been stolen, they were very clear about one thing: 
Everyone, whether or not their information was stolen, should sign up 
for a supposedly free Equifax credit monitoring service called 
TrustedID Premier. The terms of use for this program initially required 
anyone who signed up to have a credit card. Why? Because after the 
first year, Equifax could start automatically charging the credit card 
for the service if the customer hadn't already canceled. That is right. 
Equifax was trying to impose secret fees and profit off the hack of 
their own system.
  But wait, it got even worse. To sign up for this credit monitoring 
service, Equifax at first forced consumers to give up their right to go 
to court and sue Equifax if they had any disputes about the product. 
Equifax changed some of the terms after there was a lot of public 
pressure.
  Let me see if I can recap all this. After allowing hackers to steal 
personal information on as many as 143 million Americans, Equifax hid 
the breach from consumers for more than a month, failed to clearly 
inform people whether the information had been stolen, then tried to 
profit off the breach by tricking people into signing up for a costly 
credit monitoring product that also required them to give up their 
legal rights. Wow.
  In the last decade, there has been so much corporate misconduct, so 
much bald-faced contempt for consumers, that at times it seems as 
though we have all just grown numb to it. But even against that 
backdrop, Equifax's conduct is just jaw-dropping.
  It is time for us to fight back. It is time for all of us to fight 
back--Democrats, Republicans, Independents, Libertarians, vegetarians--
it doesn't matter. We have all been victims of the Equifax hack, or we 
know someone who has, and we all deserve better. That is why I 
partnered with Senator Schatz and 10 of our colleagues to introduce the 
Freedom from Equifax Exploitation Act, or FREE Act, last Thursday. Our 
bill empowers consumers to take back control of their personal credit 
data.
  The Equifax hack has highlighted the strange role of credit reporting 
agencies like Equifax and how they interface with our financial system. 
Banks and other big companies feed agencies like Equifax information 
about every financial transaction you make, from purchasing a car, to 
taking out a mortgage, to buying a home, to getting a student loan. 
They get information on every monthly payment you make, and they know 
where you live and how long you have lived there and what your phone 
number is. Every day, the credit reporting agencies package up that 
information about you into files that they then sell to other people. 
Sometimes it is people you know about, like when you apply for a 
mortgage or a car loan, but a lot of times, Equifax is selling data to 
people who want to sell you something--credit cards or student loan 
refinance or even a cruise.
  The bottom line is that companies like Equifax are making billions of 
dollars a year collecting, sharing, and selling highly personal 
information about you, all without your explicit permission or without 
paying you a penny.
  The FREE Act tries to level the playing field. First, it allows every 
consumer to freeze and unfreeze their credit file for free. If you 
freeze your credit file, no one can access it, and the credit reporting 
agency can't use it either. A freeze is like a ``do not call'' list for 
your credit information. It is about security. It means that even after 
the Equifax hack, thieves can't open credit cards or take out loans in 
your name even if they have your personal information. But it is also 
an easy way to give you the power to decide who gets your information 
for any other reason. The basic idea is simple: Equifax doesn't pay you 
when they sell your data, and you shouldn't have to pay Equifax to keep 
them from selling it.
  Our bill says that the same rules apply to all three credit reporting 
companies, and all three companies must refund your money if they 
charged you for a credit freeze in the aftermath of the Equifax breach. 
No one in this industry should profit from this hack.
  This bill doesn't fix all the problems in the credit reporting 
industry. It is only a first step.
  Congresswoman Maxine Waters, the top Democrat on the House Financial 
Services Committee, has been looking into the credit reporting industry 
for years, and she has introduced comprehensive legislation to reform 
the industry and empower consumers. The Senate ought to take a very 
close look at her bill.
  I have also launched an investigation into the Equifax breach and the 
whole credit reporting industry. In the upcoming weeks, I will be 
gathering more information from Equifax, other credit reporting 
agencies, Federal regulators, and legal experts. I want to keep 
fighting to make sure that credit reporting agencies can't exploit 
consumers and put their personal information at risk.
  This a test for Congress. Will we act quickly to protect American 
consumers, or are we going to cave in to firms like Equifax that have 
spent millions of dollars in lobbying Congress for weaker rules? Which 
is it?
  The FREE Act is a simple but important response to the Equifax hack. 
I hope my colleagues will join me and help pass this bill.
  Thank you, Mr. President.
  I yield the floor.
  I suggest the absence of a quorum.
  The PRESIDING OFFICER. The clerk will call the roll.
  The senior assistant legislative clerk proceeded to call the roll.
  Mr. CARDIN. Mr. President, I ask unanimous consent that the order for 
the quorum call be rescinded.
  The PRESIDING OFFICER. Without objection, it is so ordered.