:format(webp)/cdn.vox-cdn.com/uploads/chorus_image/image/56588803/657294806.0.jpg)
The U.S. Congress plans to probe a massive data breach at the credit-monitoring service Equifax that compromised roughly 143 million Americans’ most sensitive information.
Two panels of lawmakers each announced on Friday they planned to grill the company at an upcoming hearing, the date of which the committees did not share. Still, it’s likely to spell only the start of serious scrutiny for Equifax, where hackers earlier this summer gained access to Social Security numbers, home addresses and some credit card data.
“This unprecedented data breach could impact tens of millions of Americans and raises serious questions about the security of our personal information online,” said Rep. Greg Walden, the Republican who leads the House Energy and Commerce Committee.
“After receiving an initial briefing from Equifax, I have decided to hold a hearing on the matter so that we can learn what went wrong and what we need to do to better protect consumers from serious breaches like this in the future,” he said in a statement.
The House Financial Services Committee also plans to hold a hearing on the incident, its leader, Rep. Jeb Hensarling, announced earlier in the day.
Congress typically wades into major cybersecurity incidents, and in the past it has probed major breaches that have befallen companies like Target and Home Depot. But lawmakers have struggled for years to write and pass legislation that would set a single, national standard for how companies inform consumers when their private data has been stolen.
Otherwise, Equifax could face more formal scrutiny, including a review by the Federal Trade Commission, typically the country’s privacy-and-security cop. The agency declined to say Friday if it is investigating the matter, citing policy against confirming or denying potential reviews.
But Equifax did learn earlier Friday it would face a formal investigation in New York. There, the state’s attorney general, Eric Schneiderman, already has sent the company a litany of questions about its handling of the breach. And Schneiderman pressed Equifax to remove legal language from its special website notifying affected consumers that might prevent them from filing class-action lawsuits.
This article originally appeared on Recode.net.
