Shaheen to Equifax: Provide Assistance to Small Businesses Caught up in Data Breach

September 27, 2017

**Identity theft is especially devastating for small business owners** 

**Availability of capital for small business owners directly tied to personal credit scores** 

(Washington, DC) – Today, Senator Jeanne Shaheen (D-NH) and Representative Nydia M. Velázquez (NY-07), the top Democrats on the Senate and House Small Business Committees, wrote the newly installed leadership of Equifax about the impact the company’s historic cybersecurity breach will have on the country’s 29 million small business owners.  They are seeking answers to how the company will contain the damage and help small business victims.

In a letter to Mark Feidler and Paulino do Rego Barros Jr., Equifax’s Non-Executive Chairman and Interim CEO, Senator Shaheen and Rep. Velázquez wrote: “The availability of business credit for small business owners is inextricably tied to their personal credit score, and we are gravely concerned about the effect this breach will have on the ability of small businesses to access affordable credit.  Given the significant potential exposure of small businesses as a result of this breach, we urge you to provide greater assistance for small business owners and different protective products.”

Senator Shaheen said: “We still don’t know the full extent of this massive breach that compromised the personal information of 143 million Americans, but it has exposed small business owners to identity theft and a potentially lower credit score.  This could be devastating for these businesses and their ability to get credit on reasonable terms.  Equifax has an obligation to make this right.”

The full text of the letter is below and here

 

September 26, 2017

Mr. Mark Feidler, Non-Executive Chairman                                                

Mr. Paulino do Rego Barros Jr., Interim Chief Executive Officer

Equifax

1550 Peachtree Street NE

Atlanta, GA 30309

Dear Messrs. Feidler and Barros:

We are concerned about the impact the historic cybersecurity breach at Equifax will have on our country’s 29 million small business owners.  Based on public reporting, the data breach announced on September 7th compromised the names, Social Security numbers, birth dates, addresses, drivers licenses and credit card numbers of 143 million American consumers.  The availability of business credit for small business owners is inextricably tied to their personal credit score, and we are gravely concerned about the effect this breach will have on the ability of small businesses to access affordable credit.

As you know, access to capital is one of the biggest challenges facing small business owners and entrepreneurs.  Since the financial collapse, banks have reduced lending to small businesses.  An analysis by Florida Atlantic University indicates small business loans have decreased by 13.7 percent from 2008-2016, while lending to large firms has increased by 48.9 percent during the same period.  

For small business owners, identity theft is especially devastating because it will affect not only their personal finances but also their businesses and livelihoods.  Lenders, including those who make more than 60,000 loans annually through the U.S. Small Business Administration’s (SBA) loan guarantee programs, check the credit scores of small business applicants.  If the Equifax data breach leads to identity theft, affected small businesses could face less favorable terms, including higher interest rates or outright denial.  When a small business owner is denied access to conventional credit or an SBA loan, they may turn to high-priced, non-traditional lending sources, which could squeeze cash flow, hurt their bottom line and jeopardize their home or other collateral.

Given the significant potential exposure of small businesses as a result of this breach, we urge you to provide greater assistance for small business owners and different protective products.  Freezing credit might be reasonable and prudent for the consumer who needs a one-time credit check for a mortgage or a credit card, but it might be much more complicated for a small business owner who relies on frequent credit checks to address day-to-day operations.  Unfreezing credit is time-consuming, with long pin numbers that are hard to remember, easy to lose, and a hassle to reset.  Most small businesses do not have the staff or financial resources to become experts in cybersecurity and identity theft protections, and banking laws mostly protect consumers, not small business owners.  As your website says, “Unfortunately, in most cases, people do not learn they have been a victim of identity theft until after the damage has been done.” 

As the Ranking Members of the Senate Committee on Small Business and Entrepreneurship and the House Committee on Small Business, we write to request the following information: 

  1. What steps are Equifax and its newly formed Special Committee of the Board taking to educate small business owners about the breach and what it means for their businesses?  Instead of putting the burden on the consumer to check if their Personal Identifying Information (PII) has been compromised, why not send letters to your clients as has occurred in other large-scale breaches? 
  2. Does Equifax recognize that just as the credit needs of small businesses differ from consumers, the solutions and protections for small businesses need to be different in responding to and mitigating the impact of identity theft?  Does Equifax plan to have dedicated lines and agents for small business owners?
  3. How is Equifax working with lenders to establish a safe way to check credit scores for borrowers seeking a small business loan?
  4. How will Equifax ensure that assistance is provided to small business owners in areas with little or no access to the internet?  Currently, it appears only the Equifax website can tell you if your information was compromised.
  5. Is Equifax confident that only the credit card numbers for consumers were compromised and not those of business credit cards?
  6. Has Equifax conducted a thorough analysis of its cybersecurity systems to ensure this does not occur again in the future?
  7. Is Equifax aware of how the breach is affecting small business owners located in the disaster areas? If so, what steps are being taken to assist them?

We look forward to your prompt response.

Sincerely,

 

Jeanne Shaheen                                                                                                              Nydia Velázquez

Ranking Member                                                                                                             Ranking Member

Senate Committee on Small Business & Entrepreneurship                            House Committee on Small Business