Equifax had been under investigation by the Consumer Financial Protection Bureau.
Equifax had been under investigation by the Consumer Financial Protection Bureau.

White House Budget Director Mick Mulvaney, recently installed by President Trump as acting head of the Consumer Financial Protection Bureau, has backburnered a comprehensive investigation into Equifax's data protection practices after hackers nicked the personal data of 145.5 million American consumers.

The Equifax breach, now believed to have been accomplished through the exploitation of a vulnerability in open-source server software Apache Struts (disclosed earlier in September), put the credit information company in the line of fire for criticism over poor security practices and prompted at least three congressional committees to consider probing the incident.

“Just now seeing that CFPB pseudo-leadership may be pulling back from pursuing ongoing investigation of Equifax data breach that hurt tens of millions of Americans,” former CFPB Director Richard Cordray tweeted, after Reuters published a report on Mulvaney's decision. “If you're not going to stand up for consumers on something this important, then what good are you?”

Mulvaney, who took the helm at CFPB in November, said earlier in the year that the agency had “overstepped its bounds” and pledged in a mission statement that it would move forward with “humility and prudence.” He also declined to request CFPB funding from the Federal Reserve for the quarter.

“If a company closes its doors under the weight of a multiyear Civil Investigative Demand, you and I will still have jobs at C.F.P.B.,” Mulvaney said in the mission statement. “But what about the workers who are laid off as a result?”

The bureau has been working with the Federal Trade Commission (FTC) on the Equifax case, the Reuters report said, but to date hasn't issued any subpoenas. The FTC, the report noted, hasn't punished a major credit bureau since it reached a $393,000 settlement with Equifax in 2012. The CFPB, which was created by the Dodd-Frank Act, has aggressively pursued companies like Wells Fargo for fraudulent practices, with fines sometimes reaching nearly $200 million. It levied fines in excess of $25 million on credit bureaus in 2017 alone.

“The bureau has the desire, expertise, and know-how in-house to vigorously pursue hypothetical matters such as these,” Reuters cited CFPB spokesperson John Czwartacki as saying.