Consumers Vulnerable in Era of Increasing Data Breaches, Experts Tell House Subcommittee

continue to see more data breaches and the unfortunate ripple effects," said ranking member Frank Pallone, D-N.J. Subcommittee Chairman Morgan Griffith, R-Va., said the hearing kicks off "a much longer conversation" Congress is undertaking to address identity verification issues. Witnesses were asked to provide perspective on threats from repackaged stolen identities into new data sets that can override knowledge-based authentication protections, which rely on a series of user-unique questions. Public and private sectors have recognized the problem, but “significant work remains,” said a subcommittee hearing memo. The recent Equifax breach starkly illustrates that attackers can easily override “first-generation tools” to protect identity, said prepared testimony of Venable Managing Director Jeremy Grant, advocating a bigger role for government to address critical vulnerabilities. “There’s an active trading scene exchanging data both for monetary gain and simply as a hobby,” said Australian security author and educator Troy Hunt. Few people realize how vulnerable they are and how many times their data has already been breached, said Hunt, who offers a free service to help people understand their exposure. “There’s not enough incentive to do things right and not enough disincentive to do them wrong before the pattern repeats,” he said. US PIRG consumer program director Edmund Mierzwinski's testimony called for Congress to take a “careful approach,” and not override state authority to enact strong consumer protection. California, Massachusetts, Illinois and Texas have strong data breach notification laws, he said, and 17 other states have laws that allow victims to sue data breach notification violators. Congress should extend free credit freezes at the three national consumer reporting agencies and ensure one-stop shopping, Mierzwinski said. "This is the best way to protect identity theft."