Cantwell Says Action Needed to Stem Tide of ID Theft, Ransomware, and Security Breaches

Source: United States Senator for Washington Maria Cantwell

10.06.21

Cantwell Says Action Needed to Stem Tide of ID Theft, Ransomware, and Security Breaches

Former FTC leaders, ID theft and cybersecurity experts say that it’s key for the FTC to have first time civil penalty authority

WASHINGTON, D.C.  –  In the second in a series of hearings on the urgent need to protect consumer privacy and data security, U.S. Senator Maria Cantwell, Chair of the Senate Committee on Commerce, Science, and Transportation, reiterated her call to create a data security and privacy enforcement bureau at the Federal Trade Commission (FTC). She has also called on Congress to ensure it is equipped with the resources, first time civil penalty authority, and clear digital security standards needed to stem the tide of data breaches, identity theft and ransomware assaults that are harming millions of Americans. 

“Earlier this year, a hacker took Colonial Pipeline offline, causing fuel shortages across the East Coast,” said Senator Cantwell. “Ransomware attacks on hospitals have put patients’ lives at risk. We heard yesterday about Facebook going offline globally due to faulty configuration. There’s word out this morning that Amazon may be facing its own situation today. So part of the problem is that we live in a more connected world. And what we know now is that when there is a data breach that consumers are the ones that pay the heavy price.”

Cantwell spoke about the devastating impact of data breaches in Washington state, pointing out that the Washington State Auditor’s Office, which had obtained claim forms in a review of the incident, “had been receiving unemployment fraud claims had its data compromised due to that vulnerability in the legacy system that was provided by a third party. Accellion systems were breached throughout the country, and we still don’t know the extent of that breach. But in Washington, the personal information of 1.6 million residents was stolen.”

“…We know that the identity theft can have a devastating impact on individuals who can’t obtain unemployment benefits because a criminal has already applied for them,” Senator Cantwell said.  “40% of these victims were not able to pay their bills. 14% were evicted for not paying rent, 33% did not have enough money for food and utilities, 13% were not able to get a job. So while most identity theft victims lose less than $500, 21% of these victims report losing more than $20,000.”

During questioning of experts, Sen. Cantwell asked each witness if they “support an FTC Privacy and Data Security Bureau.” All four expert witnesses agreed, including James E. Lee, Chief Operating Officer, Identity Theft Resource Center; Jessica Rich, of Counsel at Kelley Drye and Former Director of the Bureau of Consumer Protection at the Federal Trade Commission (FTC); Edward W. Felten, Robert E. Kahn Professor of Computer Science and Public Affairs at Princeton University and Former Chief Technologist at the FTC; and Kate Tummarello, Executive Director of Engine.

“Do you support first time penalties?” Cantwell followed.  Again, all four witnesses agreed. 

Video of Senator Cantwell’s opening statement can be found HERE, the first round of Q&A with the witnesses is HERE, the second round HERE, and the final round and closing remarks HERE.

The full transcript can be found HERE.

###