Equifax said in a federal filing on Friday that it is still under investigation by the Consumer Financial Protection Bureau (CFPB), despite reports the agency had pulled back its probe.
In a filing with the Securities and Exchange Commission (SEC), Equifax cited the CFPB among multiple federal agencies looking into the 2017 hack that exposed millions of customers’ personal information.
The CFPB circulated the Equifax filing to reporters but declined to comment further.
Equifax said that a slew of lawsuits and federal and state investigations related to the hack would “continue to adversely impact our business and results of operations.”
Hackers accessed the personal information to 147.9 million people, equal to roughly 45 percent of the U.S. population, through software flaws Equifax failed to update. The information included Social Security numbers, home addresses, driver’s license information and other sensitive data.
“A number of U.S. federal, state, local and foreign governmental officials and agencies … continue to investigate events related to the 2017 cybersecurity incident,” Equifax said in the filing.
Equifax listed probes started by the CFPB, SEC, Federal Trade Commission, Justice Department and state attorneys general, along with British and Canadian regulators.
Reuters reported last month that Office of Management and Budget Director Mick Mulvaney , the CFPB’s acting chief, declined to issue subpoenas and schedule interviews with top Equifax brass, effectively freezing the probe.
A Mulvaney spokesman said in February that the acting director “takes data security issues very seriously,” but declined to say whether the CFPB was investigating Equifax.
“Under his direction, the CFPB is working with our partners across government on Equifax’s data breach and response,” the spokesman said. “We are committed to enforcing the law. As policy, we do not confirm or deny enforcement or supervisory matters.”
The report that Mulvaney was freezing the Equifax probe enraged Democratic lawmakers and liberal groups, who have objected to the acting director’s agenda for the CFPB. than 30 senators demanded details about the bureau’s probe into the data breach.
The group, led by Sen. Brian Schatz (D-Hawaii), sent a letter to the CFPB, dated Feb. 7, citing the Reuters report.
“The CFPB has a statutory mandate to participate in this process by conducting an investigation,” the senators wrote.