Data Protection: Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach, Report to Congressional Requesters [open pdf - 3MB]
"CRAs [consumer reporting agencies] such as Equifax assemble information about consumers to produce credit reports and may provide other services, such as identity verification to federal agencies and other organizations. Data breaches at Equifax and other large organizations have highlighted the need to better protect sensitive personal information. GAO [Government Accountability Office] was asked to report on the major breach that occurred at Equifax in 2017. This report (1) summarizes the events regarding the breach and the steps taken by Equifax to assess, respond to, and recover from the incident and (2) describes actions by federal agencies to respond to the breach. To do so, GAO reviewed documents from Equifax and its cybersecurity consultant related to the breach and visited the Equifax data center in Alpharetta, Georgia, to interview officials and observe physical security measures. GAO also reviewed relevant public statements filed by Equifax. Further, GAO analyzed documents from the IRS [Internal Revenue Service], SSA [Social Security Administration], and USPS [U.S. Postal Service], which are Equifax's largest federal customers for identity-proofing services, and interviewed federal officials related to their oversight activities and response to the breach."
United States Government Accountability Office: https://www.gao.gov/