U.S. regulators need authority to ensure credit agencies keep data secure -report

WASHINGTON, March 26 (Reuters) - U.S. lawmakers should empower the Federal Trade Commission (FTC) to impose civil penalties on consumer credit reporting agencies that fail to secure customers' records, congressional auditors recommended in a report released on Tuesday.

The Government Accountability Office also urged the Consumer Financial Protection Bureau (CFPB) to improve its oversight and supervision of such credit reporting agencies (CRAs).

Concerns over the security of consumer data, particularly with credit reporting companies, have loomed large since Equifax Inc's massive data breach in 2017 that exposed the personal information of more than 143 million Americans in one of the largest hacks ever.

If the FTC had the power to fine such companies for violating data security provisions, that would boost consumer data security, given customers have few avenues to protect such sensitive information even after major data breaches, the GAO said.

Giving federal agencies greater oversight power, however, would run counter to the Republican Trump administration's vows to reduce and curb federal regulations.

"While companies in many industries have experienced data breaches, CRAs may present heightened risks because of the scope of sensitive information they possess," GAO, an independent research arm of Congress, said in its February report.

The FTC should "have all of the appropriate enforcement options to fulfill its mission of protecting consumers," the watchdog said.

U.S. House Oversight and Reform Committee Chairman Elijah Cummings and U.S. Senator Elizabeth Warren, the ranking Democrat on the Senate Banking panel's consumer protection subcommittee and a presidential candidate for the party's 2020 nomination, released the findings ahead of a congressional hearing on the issue.

"Vulnerabilities still exist," they said in a statement. "We need to give the FTC more tools to crack down on consumer data abuses and the CFPB needs to do its job, hold these firms accountable, and protect consumers."

Later on Tuesday, the Democratic-controlled House oversight panel was scheduled to examine how the Federal Trade Commission and the Consumer Financial Protection Bureau can boost cybersecurity at consumer reporting agencies with representatives from the GAO, the FTC's Bureau of Consumer Protection and the grassroots advocacy group U.S. PIRG.

In separate comments in the report, the CFPB said it lacked certain authorities to oversee security provisions.

The FTC investigated Equifax in the wake of the 2017 cybersecurity breach that drew intense public interest and brought the company's chief executive to testify before Congress. The FBI also launched its own probe, and various lawmakers introduced bills seeking to respond to the hack.

Other credit reporting agencies include TransUnion and Experian PLC. (Reporting by Susan Heavey; Editing by Bernadette Baum)