Watchdog pressed to probe post-data breach services

Watchdog pressed to probe post-data breach services

Democratic members of the House Energy and Commerce Committee are pressing a government watchdog to further investigate whether existing credit monitoring services do enough to protect consumers affected by data breaches.

The Government Accountability Office (GAO) released a report in March on identity theft services offered by the federal government and private companies to consumers who have had their information exposed. While the watchdog concluded that services like credit monitoring offer some benefits, auditors said that they are “limited” in preventing some types of fraud.

Democratic Reps. Frank Pallone Jr. (N.J.), Diana DeGette (Colo.) and Jan Schakowsky (Ill.) are now asking the GAO to explore a number of questions raised by the audit, including looking into whether certain credit monitoring services are more effective than others. 

They also want the watchdog to examine additional options that aren’t currently used by private or public companies to protect consumers in the wake of breaches and to divulge “the recent trends in breaches or information theft.”

ADVERTISEMENT
The lawmakers made the request in a letter sent to U.S. Comptroller General Gene Dodaro on Wednesday. 

“Many entities in the private and government sectors have experienced data breaches involving the loss or theft of sensitive personal information, such as Social Security numbers, fingerprints and credit card information,” they wrote. “Recent trends suggest information-rich institutions remain major targets, and unscrupulous actors will continue to exploit vulnerabilities in information security systems.” 

“Questions remain about whether purchasing and providing credit monitoring for customers is the optimal way to respond to data breaches,” they continued, adding that organizations’ use of these services could result in those affected by breaches “being lulled into a false sense of security.”

They cited the March GAO report, which found that some businesses offered identity theft protection in order to offer consumers “peace of mind,” regardless of the degree of actual data protection. The audit also found shortcomings in the Office of Personnel Management’s guidance to federal agencies on dealing with data breaches. 

“Our committee staff will work with you to prioritize multiple reports if deemed appropriate,” the lawmakers wrote. 

Pallone serves as the ranking member of the Energy and Commerce Committee, and DeGette and Schakowsky are the Democratic leaders of related subcommittees.