Identity theft is especially devastating for small business owners

 Availability of capital for small business owners directly tied to personal credit scores

(Washington, DC) – The top Democrats on the Senate and House Small Business Committees today wrote the newly installed leadership of Equifax about the impact the company’s historic cybersecurity breach will have on the country’s 29 million small business owners.  They are seeking answers to how the company will contain the damage and help small business victims.

In a letter to Mark Feidler and Paulino do Rego Barros Jr., Equifax’s Non-Executive Chairman and Interim CEO, Senator Jeanne Shaheen (D-NH) and Rep. Nydia M. Velázquez (NY-07) wrote: “The availability of business credit for small business owners is inextricably tied to their personal credit score, and we are gravely concerned about the effect this breach will have on the ability of small businesses to access affordable credit.  Given the significant potential exposure of small businesses as a result of this breach, we urge you to provide greater assistance for small business owners and different protective products.”

Senator Shaheen said: “We still don’t know the full extent of this massive breach that compromised the personal information of 143 million Americans, but it has exposed small business owners to identity theft and a potentially lower credit score.  This could be devastating for these businesses and their ability to get credit on reasonable terms.  Equifax has an obligation to make this right.”

Rep. Velázquez said: “Whether starting a family owned grocery store or a high-tech start-up, small business owners often need to use their personal creditworthiness to invest in their dream venture.  Access to capital is a major issue for small firms, especially women, minority and veteran owned businesses that have been traditionally underserved.  Identify theft can compromise credit scores and an individual’s ability to secure capital in the future.  The conditions of the Equifax hack must be brought to light.  Otherwise, we have opened the flood gates to extremely predatory and reckless practices that will devastate America’s small businesses.”

__________

  

September 26, 2017

Mr. Mark Feidler, Non-Executive Chairman                                                     
Mr. Paulino do Rego Barros Jr., Interim Chief Executive Officer
Equifax
1550 Peachtree Street NE
Atlanta, GA 30309

Dear Messrs. Feidler and Barros:


We are concerned about the impact the historic cybersecurity breach at Equifax will have on our country’s 29 million small business owners.  Based on public reporting, the data breach announced on September 7th compromised the names, Social Security numbers, birth dates, addresses, drivers licenses and credit card numbers of 143 million American consumers.  The availability of business credit for small business owners is inextricably tied to their personal credit score, and we are gravely concerned about the effect this breach will have on the ability of small businesses to access affordable credit.

As you know, access to capital is one of the biggest challenges facing small business owners and entrepreneurs.  Since the financial collapse, banks have reduced lending to small businesses.  An analysis by Florida Atlantic University indicates small business loans have decreased by 13.7 percent from 2008-2016, while lending to large firms has increased by 48.9 percent during the same period.  

For small business owners, identity theft is especially devastating because it will affect not only their personal finances but also their businesses and livelihoods.  Lenders, including those who make more than 60,000 loans annually through the U.S. Small Business Administration’s (SBA) loan guarantee programs, check the credit scores of small business applicants.  If the Equifax data breach leads to identity theft, affected small businesses could face less favorable terms, including higher interest rates or outright denial.  When a small business owner is denied access to conventional credit or an SBA loan, they may turn to high-priced, non-traditional lending sources, which could squeeze cash flow, hurt their bottom line and jeopardize their home or other collateral.

Given the significant potential exposure of small businesses as a result of this breach, we urge you to provide greater assistance for small business owners and different protective products.  Freezing credit might be reasonable and prudent for the consumer who needs a one-time credit check for a mortgage or a credit card, but it might be much more complicated for a small business owner who relies on frequent credit checks to address day-to-day operations.  Unfreezing credit is time-consuming, with long pin numbers that are hard to remember, easy to lose, and a hassle to reset.  Most small businesses do not have the staff or financial resources to become experts in cybersecurity and identity theft protections, and banking laws mostly protect consumers, not small business owners.  As your website says, “Unfortunately, in most cases, people do not learn they have been a victim of identity theft until after the damage has been done.” 

As the Ranking Members of the Senate Committee on Small Business and Entrepreneurship and the House Committee on Small Business, we write to request the following information: 

     1.  What steps are Equifax and its newly formed Special Committee of the Board taking to educate small business owners about the breach and what it means for their businesses?  Instead of putting the burden on the consumer to check if their Personal Identifying Information (PII) has been compromised, why not send letters to your clients as has occurred in other large-scale breaches? 

     
     2.  Does Equifax recognize that just as the credit needs of small businesses differ from consumers, the solutions and protections for small businesses need to be different in responding to and mitigating the impact of identity theft?  Does Equifax plan to have dedicated lines and agents for small business owners?


     3.  How is Equifax working with lenders to establish a safe way to check credit scores for borrowers seeking a small business loan?


     4.  How will Equifax ensure that assistance is provided to small business owners in areas with little or no access to the internet?  Currently, it appears only the Equifax website can tell you if your information was compromised.


     5.  Is Equifax confident that only the credit card numbers for consumers were compromised and not those of business credit cards?


     6.  Has Equifax conducted a thorough analysis of its cybersecurity systems to ensure this does not occur again in the future?


     7.  Is Equifax aware of how the breach is affecting small business owners located in the disaster areas? If so, what steps are being taken to assist them?


We look forward to your prompt response.

Sincerely,

 

Jeanne Shaheen                                                                 
Ranking Member                                                                 
Senate Committee on Small Business & Entrepreneurship          

Nydia Velázquez
Ranking Member                
House Committee on Small Business