OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Letter to Mr. Mark Feidler,Non-Executive Chairman, Mr Paulino do Rego Barros, Jr., Interim CEO of Equifax - Provide Assistance to Small Businesses Caught up in Data Breach

Letter

Date: Sept. 27, 2017
Location: Washington, DC
Issues: Technology and Communication Business and Consumers Finance and Banking

Dear Messrs. Feidler and Barros:

We are concerned about the impact the historic cybersecurity breach at Equifax will have on our country's 29 million small business owners. Based on public reporting, the data breach announced on September 7th compromised the names, Social Security numbers, birth dates, addresses, drivers licenses and credit card numbers of 143 million American consumers. The availability of business credit for small business owners is inextricably tied to their personal credit score, and we are gravely concerned about the effect this breach will have on the ability of small businesses to access affordable credit.

As you know, access to capital is one of the biggest challenges facing small business owners and entrepreneurs. Since the financial collapse, banks have reduced lending to small businesses. An analysis by Florida Atlantic University indicates small business loans have decreased by 13.7 percent from 2008-2016, while lending to large firms has increased by 48.9 percent during the same period.

For small business owners, identity theft is especially devastating because it will affect not only their personal finances but also their businesses and livelihoods. Lenders, including those who make more than 60,000 loans annually through the U.S. Small Business Administration's (SBA) loan guarantee programs, check the credit scores of small business applicants. If the Equifax data breach leads to identity theft, affected small businesses could face less favorable terms, including higher interest rates or outright denial. When a small business owner is denied access to conventional credit or an SBA loan, they may turn to high-priced, non-traditional lending sources, which could squeeze cash flow, hurt their bottom line and jeopardize their home or other collateral.

Given the significant potential exposure of small businesses as a result of this breach, we urge you to provide greater assistance for small business owners and different protective products. Freezing credit might be reasonable and prudent for the consumer who needs a one-time credit check for a mortgage or a credit card, but it might be much more complicated for a small business owner who relies on frequent credit checks to address day-to-day operations. Unfreezing credit is time-consuming, with long pin numbers that are hard to remember, easy to lose, and a hassle to reset. Most small businesses do not have the staff or financial resources to become experts in cybersecurity and identity theft protections, and banking laws mostly protect consumers, not small business owners. As your website says, "Unfortunately, in most cases, people do not learn they have been a victim of identity theft until after the damage has been done."

As the Ranking Members of the Senate Committee on Small Business and Entrepreneurship and the House Committee on Small Business, we write to request the following information:

What steps are Equifax and its newly formed Special Committee of the Board taking to educate small business owners about the breach and what it means for their businesses? Instead of putting the burden on the consumer to check if their Personal Identifying Information (PII) has been compromised, why not send letters to your clients as has occurred in other large-scale breaches?
Does Equifax recognize that just as the credit needs of small businesses differ from consumers, the solutions and protections for small businesses need to be different in responding to and mitigating the impact of identity theft? Does Equifax plan to have dedicated lines and agents for small business owners?
How is Equifax working with lenders to establish a safe way to check credit scores for borrowers seeking a small business loan?
How will Equifax ensure that assistance is provided to small business owners in areas with little or no access to the internet? Currently, it appears only the Equifax website can tell you if your information was compromised.
Is Equifax confident that only the credit card numbers for consumers were compromised and not those of business credit cards?
Has Equifax conducted a thorough analysis of its cybersecurity systems to ensure this does not occur again in the future?
Is Equifax aware of how the breach is affecting small business owners located in the disaster areas? If so, what steps are being taken to assist them?
We look forward to your prompt response.

Sincerely,

Jeanne Shaheen Nydia Velázquez

Ranking Member Ranking Member

Senate Committee on Small Business & Entrepreneurship House Committee on Small Business


Source
arrow_upward