Press Releases
WASHINGTON — The U.S. Senate unanimously passed bipartisan legislation introduced by Sen. Mark R. Warner (D-VA), a member of the Senate Finance Committee, to improve health outcomes for Medicare beneficiaries living with chronic conditions.
“There are a number of impressive innovations in the public and private sector to deliver better care to patients with multiple chronic conditions,” said Sen. Warner. “This Chronic Care Working Group deliberately worked with patients, advocacy groups, innovators, and other health care stakeholders to put together a set of bipartisan, cost-effective, and evidence-based policies that will better facilitate the delivery of high-quality and affordable care for our Medicare population. This bill takes the necessary steps to modernize Medicare to better meet the needs of today’s seniors and I am encouraged to see it move forward.”
The Creating High-Quality Results and Outcomes Necessary to Improve Chronic (CHRONIC) Care Act would:
- Permanently reauthorize and strengthen Medicare Advantage Special Needs plans to ensure that Medicare beneficiaries with chronic conditions or other significant health needs have continued access to quality care that is tailored to their personal needs;
- Expand telehealth services offered through different providers of care that will benefit seniors in rural areas and increase access to primary care services and telestroke care; and
- Extend the proven “independence at home” model that allows seniors to receive care from primary care teams. This provision aims to decrease hospital readmissions and to allow seniors with multiple chronic conditions to receive care in their own home.
Announced at a May 2015 hearing on chronic care, the Finance Committee formed the bipartisan Chronic Care Working Group led by Warner and Isakson to develop policy ideas to address Medicare spending on treating multiple chronic illnesses.
The CHRONIC Care Act was introduced in the last Congress and reintroduced earlier this year by Sen. Warner and Sen. Johnny Isakson (R-GA), along with Senate Finance Committee Chairman Orrin Hatch (R-UT) and Ranking Member Ron Wyden (D-OR). In May, the bill passed unanimously out of the Senate Finance Committee.
A section-by-section summary of the CHRONIC Care Act of 2017 can be found here. A one-page summary of the CHRONIC Care Act of 2017 can be found here. The legislative text of theCHRONIC Care Act of 2017 can be found here.
###
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) released the below statement following the announcement by Sen. Bob Corker (R-TN) that he will not seek re-election in 2018:
“When I joined the Senate in 2009, Bob Corker was one of the first people I sought out because of his experience in business and local government. Since then, he has become a dear friend, and we have worked closely together on a number of budget and banking-related issues, particularly housing finance reform. No matter the challenge, you can always count on Senator Corker to bring a reasoned, thoughtful approach, and to make decisions based not on partisanship but on what he believes is in the best interests of the American people. I am sorry to hear of his decision not to run for another term in the Senate, but I appreciate his many contributions to the people of Chattanooga, where he served as mayor; to the State of Tennessee, where he served as Commissioner of Finance and Administration; and to our country. I salute his service, value his friendship, and wish him nothing but the best in the future.
“I also hope this is a wake-up call to all of us in the Senate that we need to recommit ourselves to creating an environment where reasonable, thoughtful people of both parties can come together to solve problems.”
Sen. Warner and Sen. Corker have worked across the aisle on a number of policy initiatives and reforms to the country’s financial system. In 2010, they partnered on bipartisan financial reforms that were included in the Dodd-Frank Wall Street Reform and Consumer Protection Act. In 2013, they partnered on bipartisan effort to reform the broken housing finance system, an effort that remains ongoing. That year, the Center for the Study of the Presidency and Congress awarded Warner and Corker with its prestigious Publius Award for their bipartisan leadership in Congress.
###
Sen. Warner to SEC Chairman: "I Question if Equifax Even Has the Right to Continue Providing these Services”
Sep 26 2017
WASHINGTON – This morning, in a hearing of the Senate Banking Committee with Securities and Exchange Commission (SEC) Chairman Jay Clayton, Sen. Mark R. Warner (D-VA) slammed the credit bureau Equifax for its cybersecurity failures and weak response in the wake of a data breach affecting the personal information of 143 million Americans. Sen. Warner, Ranking Member of the Subcommittee on Securities, Annuities, and Other Financial Investments, pressed the SEC Chairman to work with the Banking Committee to push for more transparency and accountability when a public company is breached and Americans’ personal information is exposed.
Said Warner of the Equifax breach, “We have no ability to opt-in to these systems. We are part of these systems whether we like it or not. I’m often asked in my job on the Intelligence Committee what I think the single greatest vulnerability our country faces is, and I believe it’s cybersecurity.”
Added the Senator, “I think Equifax is a travesty. I think the resignation of the CEO is by no means enough… Number one, in terms of the sloppiness of their defenses. Two, in terms of the fact that this was clearly a knowable vulnerability – they had known for months, and if they had simply put a patch in place we might have precluded this. And to add insult to injury, Equifax, when it put up the site to direct consumers after the breach, that site was not properly domain-registered and was known to have vulnerabilities in the site itself. So if we don’t send a very, very strong message – now the market has already taken, I think, 25 percent off its market value – but I question whether Equifax has the right to even continue providing these services with the level of sloppiness and lack of attention to cybersecurity.”
Noting a number of significant data breaches in both the public and private sector have affected hundreds of millions of people in recent years, Warner pressed the SEC Chairman on whether he believes the publicly-traded companies regulated by the agency are being sufficiently forthcoming with shareholders and the public when their systems are breached by hackers.
The SEC Chairman told Sen. Warner, “I agree with you generally. I don’t think there’s been enough disclosure around the risk profile of companies with respect to cybersecurity. Where are the risks, what are the vulnerabilities, what do we know, not know. And then, if there are breaches, the disclosure of those specific breaches. I don’t think there’s been adequate disclosure in that regard.”
Warner urged Chairman Clayton to work with the Banking Committee to strengthen those reporting standards through the SEC rulemaking process or by working with Senators to craft appropriate legislation that would improve disclosure and transparency for companies that suffer a data breach. A full transcript of their exchange is below.
In a September 13 letter, Sen. Warner also asked the Federal Trade Commission (FTC) to examine whether credit reporting agencies such as Equifax have adequate cybersecurity safeguards in place for “the enormous amounts of sensitive data they gather and commercialize.” In a response to Sen. Warner’s questions, dated September 21 and newly released today, the FTC disclosed that the agency is considering whether an existing FTC consent degree with Equifax for violations of the Fair Credit Reporting Act could allow the FTC to assess additional sanctions and civil penalties on Equifax for its failure to maintain acceptable data security practices. The FTC also agreed with Sen. Warner’s assessment that Equifax has not adopted sufficient security practices for consumers wishing to place a credit freeze on their accounts following the theft of their personal information.
The FTC also recommended that Congress take up comprehensive data security legislation that would provide timely notification to consumers when there is a data breach – a cause Sen. Warner has championed for more than three years.
The FTC’s full response to Sen. Warner is available here.
Transcript:
WARNER: Let me first of all echo what Senator Kennedy has just said. The whole notion of the credit rating agencies, and the public’s ability – we have no ability to opt-in to these systems. We are part of these systems whether we like it or not. I’m often asked in my job on the Intelligence Committee what I think the single greatest vulnerability our country faces is, and I believe it’s cybersecurity. I believe we do not have a whole-of-government, or whole-of-society approach on cybersecurity. In recent times, we have seen Russia take unprecedented action attacking 21 of our states’ voting systems. We’ve seen our social media platforms being manipulated with false information and misinformation and disinformation campaigns that are at least indirectly related to cyber.
I appreciate you, Mr. Chairman, coming forward with the recognition of the EDGAR system breach. I wish it had been done quicker, though as has been pointed out, this is not in isolation. We’ve seen, as has been pointed out, OPM and a series of other governmental breaches. I think Equifax is a travesty. I think the resignation of the CEO is by no means enough. I would say, and I understand your reluctance to acknowledge whether there is an investigation, your colleagues at the FTC, who also have a process in place where they normally don’t reveal an ongoing investigation, felt that this was so serious that they acknowledged that there was an investigation going on.
And the Equifax breach is so egregious. Number one, in terms of the sloppiness of their defenses. Two, in terms of the fact that this was clearly a knowable vulnerability – they had known for months, and if they had simply put a patch in place we might have precluded this. And to add insult to injury, Equifax, when it put up the site to direct consumers after the breach, that site was not properly domain-registered and was known to have vulnerabilities in the site itself. So if we don’t send a very, very strong message – now the market has already taken, I think, 25 percent off its market value – but I question whether Equifax has the right to even continue providing these services with the level of sloppiness and lack of attention to cybersecurity.
I’d also point out – and Senator Brown raised this question – this not the first time. I mean, Yahoo last year. 500 million user breach, and Yahoo did not believe that it was material enough to even report. One investigation has shown, with 9,000 public companies, we have less than 100 companies, since 2010, feel that any level of cyber incursion was significant enough to meet that materiality standard to notify the public. I find that absolutely unacceptable.
I know Senator Brown asked that, but Mr. Clayton, do you want to make any further comment about what the SEC might be looking at in terms of reviewing these materiality standards as it relates to cybersecurity?
CLAYTON: Yes, I do. I agree with you generally. I don’t think there’s been enough disclosure around the risk profile of companies with respect to cybersecurity. Where are the risks, what are the vulnerabilities, what do we know, not know. And then, if there are breaches, the disclosure of those specific breaches. I don’t think there’s been adequate disclosure in that regard.
WARNER: Well my hope would be that this would be something – I know I’m very interested in, and I think across both sides of the aisle, we’d like to work with you on – whether we need legislative actions, or whether we work with you as an entity.
###
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Finance and Budget Committees, released the following statement today on Senate Republican efforts to repeal the Affordable Care Act:
“This evening, the CBO released a score concluding millions of Americans would lose healthcare under this latest partisan repeal plan. Just hours before, S&P released a report finding that the Graham-Cassidy bill would cost our country about 580,000 jobs and $240 billion in lost economic activity over the next decade. There’s a reason why this bill is opposed by non-partisan groups from every sector of the health industry, including the American Medical Association, health insurers, hospitals, patients, the American Cancer Society, and the American Heart Association. With even the center-right think tank AEI panning both this bill and the process under which it is being rammed through Congress, it is time for the Senate to put this bill aside and recognize that we must work in a bipartisan way to stabilize the health insurance markets and put in place permanent fixes to lower costs and expand health care options for Americans. I stand ready and willing to work with any Senator, Republican or Democrat, who seriously shares that goal.”
###
WASHINGTON - Senate Intelligence Committee Chairman Richard Burr (R-NC) and Vice Chairman Mark Warner (D-VA) today made the following announcement on the testimony of Michael Cohen:
“We were disappointed that Mr. Cohen decided to pre-empt today’s interview by releasing a public statement prior to his engagement with Committee staff, in spite of the Committee’s requests that he refrain from public comment. As a result, we declined to move forward with today’s interview and will reschedule Mr. Cohen’s appearance before the Committee in open session at a date in the near future. The Committee expects witnesses in this investigation to work in good faith with the Senate.”
###
Warner, Colleagues Tell President Trump: Fill Diplomatic Appointments Key to Addressing North Korea Crisis
Sep 19 2017
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) joined Sen. Mazie K. Hirono (D-HI) and a group of Senators in calling on President Trump to fill the vacancies for U.S. Ambassador to South Korea, Assistant Secretary of State for East Asian and Pacific Affairs, and Assistant Secretary of Defense for Asian and Pacific Security Affairs. These key positions have gone unfilled in the over eight months of the Trump presidency. In the wake of North Korea’s actions, Senate-confirmed nominees for these positions would provide stable leadership and coordinate State and Defense Department efforts as our country works with our allies and partners to reach a diplomatic solution.
“As North Korea continues its illegal nuclear weapons program, commits blatant violations of international law, and makes threats to our country and allies, the confirmation of a U.S. Ambassador to the Republic of Korea must be prioritized to send a concrete signal to reassure not only our ROK allies but also the American people,” the Senators wrote. “Just as our diplomatic mission to the ROK deserves leadership of an ambassador to represent our nation’s interests, our country’s diplomatic and military efforts in the Indo-Asia-Pacific region deserve permanent Assistant Secretaries of State and Defense to coordinate our diplomatic efforts on North Korea, other regional challenges as well as opportunities to advance U.S. interests.”
In addition to Sens. Warner and Hirono, the following Senators also signed the letter: Sens. Bob Casey (D-PA), Tammy Duckworth (D-IL), Richard Durbin (D-IL), Heidi Heitkamp (D-ND), Amy Klobuchar (D-MN), Edward Markey (D-MA), Elizabeth Warren (D-MA), and Chris Van Hollen (D-MD).
Text of the letter is below and can also be found here.
Dear Mr. President:
We write to you today to express our deep concern that a nominee to fill the vacancy of the U.S. ambassadorship to the Republic of Korea (ROK) in light of escalating tensions on the Korean Peninsula has yet to be announced eight months into your presidency. Given the importance of the Indo-Asia-Pacific region to U.S. national security interests, we urge you to swiftly send a nominee to the Senate for advice and consent along with your nominees to serve as Assistant Secretary of State for East Asian and Pacific Affairs and Assistant Secretary of Defense for Asian and Pacific Security Affairs which play key roles in coordinating U.S. diplomacy and defense policy on North Korea in addition to the wider region. We urge you to select highly qualified and competent nominees with extensive experience in the region including on North Korea issues.
As North Korea continues its illegal nuclear weapons program, commits blatant violations of international law, and makes threats to our country and allies, the confirmation of a U.S. Ambassador to the Republic of Korea must be prioritized to send a concrete signal to reassure not only our ROK allies but also the American people, that one of our most important diplomatic relationships will be appropriately represented at the ambassadorial level. The United States has diplomatic relations with over 190 nations but none are as extensive and instrumental to our national security as those with our treaty allies such as the ROK. The U.S.-ROK alliance was strengthened by the bonds forged between U.S. and ROK troops during the Korean War and it continues to be strengthened by the Korean-American community, our economic ties and our mutual defense treaty commitments. We look forward to hearing your nominee’s testimony before the Senate Foreign Relations Committee on your administration’s North Korea strategy and how the U.S.-ROK alliance can be further strengthened to meet the challenges and opportunities in our bilateral relationship.
Just as our diplomatic mission to the ROK deserves leadership of an ambassador to represent our nation’s interests, our country’s diplomatic and military efforts in the Indo-Asia-Pacific region deserve permanent Assistant Secretaries of State and Defense to coordinate our diplomatic efforts on North Korea, other regional challenges as well as opportunities to advance U.S. interests. As head of the Bureau of East Asian and Pacific Affairs within the State Department, the Assistant Secretary of State for East Asian and Pacific Affairs manages our diplomatic activities and serves as a key advisor to the Secretary of State and the Under Secretary for Political Affairs on regional matters. Its Defense Department counterpart serves a similar role for oversight of security cooperation not only with our five treaty allies in the region but a growing number of partners key to our national security interests. The recent enactment of additional sanctions on North Korea from Congress and the United Nations Security Council warrant these posts to be filled on a non-acting basis to lead efforts to ensure close coordination with our allies and partners as implementation proceeds and dialogue continues on our response to North Korea’s continued provocations.
To date, the Senate has confirmed 20 ambassadorial nominees including six to close allied nations. It is critical now for our government to affirmatively convey to our ROK allies that our relationship is valued in the same manner as these nations, and as senators we stand ready to consider your nominees for U.S. ambassador to the ROK as well as Assistant Secretary of State for East Asian and Pacific Affairs and Assistant Secretary of Defense for Asian and Pacific Security Affairs. Thank you for your consideration and we look forward to your response.
Sincerely,
###
Warner, Kaine Announce more than $8 Million In Federal Funds for Improvements at Virginia Airports
Sep 19 2017
WASHINGTON— U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) announced today that four Virginia airports will receive a total of $8,457,339 in federal funding from the Department of Transportation’s (DOT) Federal Aviation Administration (FAA) to improve and enhance airport infrastructure.
“Virginia airports face growing demands in ensuring travelers have access to high quality facilities,” the Senators said. “This federal funding will help our local airports improve their conditions and maintain critical infrastructure so travelers can feel confident in the safety of their airports.”
Airports and project amounts are listed below:
- Warrenton-Fauquier Airport - $3,765,800. This grant will help fund the construction of a 20,000 square yard apron to accommodate the increased use of the general aviation facilities and a 1,600 foot access road to provide access to the new mid-field apron.
- Roanoke-Blacksburg Regional/Woodrum Field Airport - $3,080,553. This grant will fund seal coat rehabilitation of two runways to maintain the structural integrity of the pavement and to minimize foreign object debris, and the installation of a canopy over the passenger walkway.
- Farmville Regional Airport - $1,310,986. This grant will help reconstruct 12,000 square yards of the existing terminal apron pavement that has reached the end of its useful life.
- Orange County Airport - $300,000. This grant will help fund crack seal rehabilitation for existing taxiway pavements and terminal aprons that have reached the end of their useful life.
###
WASHINGTON— U.S. Sen. Mark R. Warner (D-VA) issued this statement on the passing of Dr. Ron Carrier, former longtime president of James Madison University:
"It is hard to overstate Ron's tremendous impact on JMU's history, its growth and the reputation it enjoys today. At the same time, Ron provided principled and strong leadership throughout the Valley and indeed across Virginia.
# # #
Warner & Kaine Announce more than $1 Million of ARC Infrastructure Funding for Floyd County
Sep 15 2017
WASHINGTON, D.C. – Today, U.S. Senators Mark Warner and Tim Kaine announced $1,081,958 in federal Appalachian Regional Commission (ARC) funding for the Floyd County Economic Development Authority to construct a new access road for the Floyd Regional Commerce Center. The funding, which leverages $30 million in private investment—will fund approximately 0.21 miles of access road, an industrial cul-de-sac, as well as pedestrian and bike path to facilitate Floyd County’s development of the Floyd Regional Commerce Center. The Floyd County Economic Development Authority estimates that completion of the Commerce Center would promote economic development with the potential to support more than 100 new jobs in the region.
“The Appalachian Regional Commission has supported communities in Appalachia since its formation and we are proud to advocate for the program in the Senate and announce funding for projects like this that expand economic development and opportunity in the region,” the Senators said. “This funding will allow Floyd County to improve its access to the Regional Commerce Center and spur further opportunities for growth in the area. We hope that projects like this, and the impact they have in Southwest Virginia, will encourage President Trump and House Republicans to rethink their choice to end ARC in their 2018 budget proposals. ”
Since its inception in 1965, ARC has generated over 300,000 jobs and $10 billion for the 25 million Americans living in Appalachia. ARC has provided funding and support for job-creating community projects across the 13 Appalachian states, producing an average of $204 million in annual earnings for a region often challenged by economic underdevelopment. President Trump’s budget proposes eliminating the program entirely.
In June, Warner and Kaine joined a group of six other U.S. Senators urging Senate appropriators to fully fund the Appalachian Regional Commission in 2018 at $152 million and reject the Trump Administration’s proposal to end the state-federal partnership.
The project will be administered through the Virginia Department of Transportation (VDOT) and the Federal Highway Administration (FHWA).
###
Statement of U.S. Sens. Warner & Kaine On Anthem’s Decision to Re-enter Certain Va. Health Care Markets
Sep 15 2017
WASHINGTON – U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) issued this joint statement following an announcement by Anthem that it will re-enter 63 counties or cities in Virginia where consumers otherwise would be left without any insurance options in the 2018 Affordable Care Act exchanges. Both senators were engaged in efforts to resolve this challenge prior to today’s deadline for notifying the Bureau of Insurance at the State Corporation Commission.
“We are glad Anthem is re-entering the Virginia individual health care exchange to provide thousands of Virginia consumers with coverage in places where they might have had none. This is welcome news for Virginians in rural communities, who have been hit particularly hard by health care uncertainty. It's time for the Trump Administration to stop their efforts to sabotage and destabilize the markets, which resulted in fewer choices and higher premiums for 2018. We will continue to work in Congress with colleagues regardless of party to fix the existing Affordable Care Act to ensure a stable market, lower costs, and improve coverage.”
The Senate HELP Committee has been holding bipartisan hearings this month on measures to stabilize the health insurance market, including proposals like Kaine’s bill to help stabilize the individual health care marketplace and lower premiums through reinsurance. On Thursday, he called on insurers like Anthem to stop depriving people in rural Virginia of opportunities by limiting coverage options or pulling out of the individual markets. State health insurance commissioners and health care experts have expressed support for reinsurance as a way to increase certainty in the marketplace.
Senator Warner sits on the Senate Finance Committee, which is holding hearings on expanding consumer options and making health care coverage more affordable for American families. Senator Warner has offered several commonsense proposals to increase competition in the health care marketplace, lower health care costs, and make the Affordable Care Act work better for more Virginians.
###
WASHINGTON, D.C. -- Today, U.S. Senators Mark Warner and Tim Kaine announced $1,357,959 in federal funding for nine Virginia fire departments through the Federal Emergency Management Agency (FEMA). The funding for nine fire departments in Concord, Chilhowie, Fairfax, Gasburg, Glade Spring, Kenbridge, Lovingston, Newport News, and Norton will be awarded through FEMA’s Assistant to Firefighters Grant (AFG) Program.
“This federal funding will provide fire departments with critical support to enhance training operations and purchase life-saving equipment that will help keep Virginians safe,” the Senators said.
The following Virginia fire departments will receive funding under the AFG program:
- The Concord Volunteer Fire Department will receive $64,762 to purchase vehicle extrication equipment;
- The Town of Chilhowie Fire & EMS Department will receive $60, 313 to purchase portable and mobile radios;
- The City of Fairfax Fire Department will receive $136, 182 to support training operations for firefighters;
- The Gasburg Volunteer Fire Department will receive $46,116 to purchase an air compressor and fill station equipment;
- The Glade Spring Volunteer Fire Department will receive $38,096 to purchase an air compressor and fill station equipment.
- The Kenbridge Fire Department will receive $54,739 to update its source capture exhaust system technology;
- The Lovingston Volunteer Fire Department will receive $142,381 to purchase self-contained breathing apparatus equipment;
- The City of Newport News Fire Department will receive $404,600 to purchase power lift cots and stretchers and;
- The City of Norton Fire Department will receive $320,358 to purchase self-contained breathing apparatus equipment and face pieces.
The primary goal of FEMA’s AFG program is to enhance the safety of the public and firefighters by providing direct financial assistance to eligible fire departments, nonaffiliated Emergency Medical Services organizations and State Fire Training Academies for critically-needed resources.
###
Sen. Warner Asks FTC to Probe Equifax Data, Security Practices & Customer Service Response After Recent Hack
Sep 13 2017
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a member of the Banking, Budget and Finance committees and cofounder of the bipartisan Senate Cybersecurity Caucus, today asked the Federal Trade Commission to examine the recent cyber hack of credit reporting agency Equifax. Last week, Equifax publically disclosed a breach which exposed sensitive personal information of 143 million Americans.
Sen. Warner requested an FTC investigation into the lapse in Equifax cybersecurity practices, and questioned the company’s widely-panned response to consumers potentially impacted by the breach. His letter asks the FTC to examine whether credit reporting agencies such as Equifax have adequate cybersecurity safeguards in place for “the enormous amounts of sensitive data they gather and commercialize.”
Sen. Warner has been a leader in calling for better consumer protections from data theft. In the aftermath of the Target breach that exposed the debit and credit card information of 40 million customers, Sen. Warner in 2014 chaired the first congressional hearing on protecting consumer data from the threat posed by hackers targeting retailers’ online systems. Sen. Warner also partnered with the National Retail Federation to establish an information sharing platform that allows the industry to better protect consumer financial information from data breaches.
Sen. Warner has been working to develop bipartisan legislation to create a comprehensive, nationwide and uniform data breach standard requiring timely consumer notification for breaches of financial data and other sensitive information.
The text of the letter is below and can be found here.
September 13, 2017
The Honorable Maureen K. Ohlhausen
Acting Chairwoman
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, D.C. 20580
Dear Acting Chairwoman Ohlhausen,
I write you in the wake of reports that one of the nation’s three major credit reporting agencies has suffered one of the largest, and potentially most impactful, breaches in recent history. According to reports, Equifax in May of this year experienced a breach affecting as many as 143 million consumers, with highly sensitive information such as Social Security numbers, driver’s license records, birthdates, addresses, and credit histories potentially at risk. This information – critical to opening a new bank account or taking out a loan – will expose Americans to identity theft, tax fraud, extortion, and other risks.
By streamlining and routinizing the collection of consumer reports and credit history, the Fair Credit Reporting Act in part enshrined the nation’s major credit reporting agencies’ role as arbiters of Americans’ access to credit, and even employment and residential opportunities. At the same time, Congress sought to ensure that these firms “exercise their grave responsibilities” with a “respect for the consumer’s right to privacy,” including through “reasonable procedures…with regard to the confidentiality, accuracy, relevancy, and proper utilization of such information[.]” And Congress directed the Federal Trade Commission (“Commission” or “FTC”) to enforce key aspects of the law, including by treating violations of the FCRA as unfair or deceptive practices under the Commission’s Section 5 authority.
Today’s digital economy, in which data increasingly represents a key input, has only amplified the reach of these firms, and provided them with incentives to collect and centralize ever-growing amounts of sensitive personal information, and to commercialize this data in opaque ways. The volume and sensitivity of the data potentially involved in this breach raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialize.
As someone who has worked for several years with stakeholders and a bipartisan group of lawmakers on legislation to establish a comprehensive, nationwide and uniform data breach standard, I recognize Congress’s unfinished work in this area. I am hopeful that this recent development will help galvanize action among my colleagues in Congress to safeguard American consumers and our nation’s economic security.
At the same time, aspects of this breach raise questions about the data security practices of Equifax that implicate the Federal Trade Commission’s existing authority. In particular, press reports and cybersecurity experts have identified a number of security lapses, including in the days following Equifax’s disclosure of the breach, that potentially indicate a pattern of security failings.
While the precise details of the “website application vulnerability” exploited in the Equifax breach are not yet known, experts have pointed to a wide range of other lapses by Equifax – including in the wake of the breach – that indicate exceptionally poor cybersecurity practices. For instance, experts have pointed to an exceedingly broad attack surface, with thousands of domains and subdomains managed by Equifax across hundreds of network hosts. And security experts have identified a range of antiquated, unpatched, or otherwise vulnerable systems maintained by Equifax.
Equifax’s post-breach actions also raise serious concerns about the company’s data security practices. For instance, Equifax chose to register a new domain, Equifaxsecurity2017.com – but not in its own name. Reports also catalogued a litany of security mistakes, including use of potentially insecure content management software and improperly configured web encryption. These, and other lapses, resulted in a range of popular web browsers flagging Equifax’s site as a potential phishing or scam site.
Equally alarming have been Equifax’s procedures for handling customer inquiries. In order for a concerned consumer to determine if they may have been impacted, Equifax requires the consumer to submit their last name and six digits of their Social Security number. The security of this procedure is as questionable as its efficacy: researchers noted that entering the last name “Test” and the Social Security numbers “123456” returned a confirmed breach.
Similarly alarming, when concerned consumers elect to place a credit freeze with Equifax – something the Commission encourages them to do – the PIN that Equifax assigns to that consumer is a simple, non-unique timestamp (formatted as, for instance, “0910170930” for a user that submitted a request at 9:30AM on the 10th of September). Separately, experts have noted that Equifax’s central website, where American consumers go to set up credit account monitoring, features cross-site scripting vulnerabilities that would enable an attacker to execute malicious code to, for instance, redirect submitted form data (such as the Social Security number the Equifax site requests) to an attacker.
Taken as a whole, and given past breaches by other major credit bureaus, these lapses may potentially represent a systemic failure by firms currently incentivized to collect and store highly sensitive identification and financial data for Americans. The volume and sensitivity of the data involved – information critical to identity management and access to consumer credit – distinguishes this breach from many other breaches of consumer data. And in contrast to other breaches, where consumers might respond to the perceived lack of data security by taking their business elsewhere, those affected by last week’s breach in most cases do not have a direct consumer relationship with Equifax.
The implications of a breach of this magnitude are sobering, as this identifying data forms the basis for consumer credit and other financial transactions. Congress foresaw this threat in 1970, noting that failures of this industry could “undermine the public confidence which is essential to the continued functioning of the banking system.” In ways similar to the financial service industry’s systemic risk designation, I fear that firms like Equifax may illustrate a set of institutions whose activities, left unchecked, can significantly threaten the economic security of Americans.
I respectfully request that you respond to the following questions:
- 1. Equifax is currently under a consent decree with the Commission for violations of the Fair Credit Reporting Act related to improper handling of consumer information. Does that consent decree provide the Commission with additional remedies in the context of Equifax’s data security practices?
- 2. Given the current inability of consumers to cease doing business with a credit reporting agency which displays an arguably cavalier attitude toward cybersecurity, should the Fair Credit Reporting Act be amended to provide the Commission authority to issue rules requiring credit reporting agencies to establish a way for consumers to “opt out” of having their information stored by a particular credit reporting agency?
- 3. In many cases, Equifax collects and maintains sensitive information about consumers as a service to other businesses. Under state data breach notification statutes, a breached service provider need only inform the business it provides service to about the breaches it suffers, and has no obligation to provide public notice that it incurred the breach. In recent breach incidents involving third-party service providers, some companies (e.g., Heartland, Experian, Anthem, etc.) have provided public notice that their breach affected consumers. Would the FTC support legislation that requires all entities suffering a breach of security that creates a significant risk of financial harm, to make public notice of that breach in order to ensure a more timely and effective form of notice?
- 4. Do you interpret the Fair Credit Reporting Act to include heightened data security standards and/or requirements, given Congress’s unique concern about the “confidentiality, accuracy…and proper utilization” of this highly sensitive data?
- 5. The Commission has suggested that consumers place a credit freeze with the three major credit bureaus. Does the Commission consider a timestamp to be a sufficiently strong PIN for unfreezing a consumer’s account?
- a. Has the Commission issued guidance to credit reporting agencies on adequate security and data protection measures associated with credit freezes?
- b. Should this guidance be updated in light of security concerns with the site Equifax maintains to process credit monitoring and freeze requests?
- 6. Should Congress limit the ability of credit reporting agencies to sell data outside specific contexts, such as credit, banking, and employment inquiries?
- 7. Does the Commission hold lapses in data security practices in response to a breach to a higher standard than data security practices related to the breach itself?
- 8. Do adequate incentives to use reasonable data security practices, or penalties to deter unreasonable data security practices, exist to counter-balance the profit incentives to collect, centralize, and maintain large quantities of highly sensitive personal information of American consumers?
The American people deserve to know that their government is serious about learning from and responding to this truly concerning incident, and that it is taking all appropriate steps to help ensure it cannot happen again. Your response will be critical to this process, and I look forward to receiving that within the next two weeks. If you should have any questions or concerns, please contact my office.
As always, I appreciate your service in this important role. Thank you for your timely consideration of this matter.
Sincerely,
MARK R. WARNER
United States Senator
###
WASHINGTON, D.C. – Today, U.S. Senators Tim Kaine and Mark Warner applauded the Senate Indian Affairs Committee for their unanimous passage of the Thomasina E. Jordan Indian Tribes of Virginia Federal Recognition Act of 2017. The legislation would grant federal recognition of six Virginia tribes: the Chickahominy, the Eastern Chickahominy, the Upper Mattaponi, the Rappahannock, the Monacan, and the Nansemond. These tribes have received official recognition from the Commonwealth of Virginia, but have not received federal recognition, which would grant the tribes legal standing and status in direct relationships with the U.S. government. The legislation will now advance to the full Senate for consideration.
“The Committee’s vote today is an important step in bringing six Virginia tribes closer to receiving federal recognition,” said Kaine and Warner. “This bill gives Virginia’s tribes access to the educational and health care services they deserve and allows members of these tribes to properly pay tribute to their ancestors.”
Federal recognition would allow Virginia’s tribes legal standing and status in direct relationships with the U.S. government. Further, it would allow tribes to:
- Compete for educational programs and other grants only open to federally recognized tribes;
- Repatriate the remains of their ancestors in a respectful manner. Many of these remains reside in the Smithsonian, but without federal status there is no mandate to return the remains; and
- Provide affordable health care services for elder tribal members who have been unable to access care.
The Senate companion bill of this legislation, introduced by Kaine and Warner, passed the Committee in May. This version, which originated in the House of Representatives and was introduced by Virginia Congressman Rob Wittman, passed in the House unanimously and will now be considered by the full body of the Senate.
###
WASHINGTON – Congress today approved a bipartisan, bicameral resolution led by Sens. Mark R. Warner and Tim Kaine (both D-VA)—prompted by the violence and domestic terrorist attack in Charlottesville, Va. last month—condemning white nationalists, white supremacists, the Ku Klux Klan, neo-Nazis and other hate groups. The joint resolution (S. J. Res. 49) also calls upon the Trump Administration to use all available resources to improve data collection on hate crimes and to work in a coordinated way to address the growing prevalence of hate groups.
“Our nation’s elected leaders have a responsibility to stand up to forces of hatred and bigotry wherever they may be found. What happened in Charlottesville was domestic terrorism perpetrated by white supremacists who tragically cut short the life of a young woman, Heather Heyer, and led to the deaths of two Virginia State Police troopers Berke Bates and Lt. Jay Cullen. The United States Congress has spoken up with one voice to recognize the lives of those we lost, to unconditionally condemn racist speech and violence, and to denounce the white nationalists, neo-Nazis, the KKK, and other hate groups,” said the Senators. “We hope that President Trump will move quickly to sign this resolution and commit his Administration to address the rise of hate groups.”
The legislation was co-sponsored in the Senate by 57 bipartisan Senators, including Sens. Cory Gardner (R-CO), Johnny Isakson (R-GA), Richard Blumenthal (D-CT), and Lisa Murkowski (R-AK).
A companion version with identical language was introduced in the U.S. House of Representatives last week by Reps. Tom Garrett (R-VA-5) and Gerald Connolly (D-VA-11) with support from the entire Virginia House delegation.
The joint resolution recognizes the death of Heather Heyer, 32, and the injuries suffered by many others after a car allegedly driven by a neo-Nazi slammed into a crowd of counter-demonstrators in Charlottesville. The resolution specifically describes that event as a “domestic terrorist attack.” The resolution also acknowledges the heroism and public service of Virginia State Police troopers Berke Bates and Lt. Jay Cullen, who died in the crash of their helicopter while monitoring the protests. Finally, it expresses support for the people of Charlottesville as that community heals “following these acts of violent bigotry.”
The joint resolution also has the support of the Leadership Conference on Civil and Human Rights, the Anti-Defamation League and the NAACP Legal Defense Fund. It now heads to President Trump for his signature.
The text of the resolution is available here. More background on how a Joint Resolution works is available here.
###
WASHINGTON --The U.S. Senate unanimously passed bipartisan legislation introduced by Sens. Mark R. Warner (D-VA) and Pat Toomey (R-PA), members of the Senate Banking and Finance Committees, which would make it easier for private companies to award stock as part of an employee's compensation. The Encouraging Employee Ownership Act will entice private corporations to give their employees larger equity stakes in their companies and promote longer-term investing.
“Giving employees the opportunity to acquire stock provides them with a greater sense of ownership in their companies and has a positive impact in workplace culture,” said Sen. Warner, a former technology executive. “Allowing employees to have a stake in the success of where they work will help promote greater productivity and wealth creation and get this economy working better for more people.”
Established nearly two decades ago, current Securities and Exchange Commission rules force companies that wish to issue more than $5 million in stock to employees to comply with onerous reporting and disclosure requirements. For new and fast-growing companies, stock compensation is a valuable tool, but many privately-held companies are reluctant to cross this threshold due to the mandatory reporting requirement.
Under the Warner-Toomey bill, this threshold would increase to $10 million and would automatically index to account for inflation every five years.
The bill has been endorsed by the private supermarket chain Wegmans, and the company BIO.
###
Statement on Trump Administration's Review of Department of Education Guidelines on Campus Sexual Assault
Sep 08 2017
WASHINGTON — U.S. Sen. Mark R. Warner (D-VA) released the below statement on the Trump Administration's review of Department of Education guidelines on campus sexual assault:
"The Trump Administration’s review of 2011 guidance about sexual assault enforcement responsibilities on college campuses and at K-12 schools under Title IX should be a red flag for those of us who care deeply about student safety. We should be vigilant in monitoring this process and look for opportunities to engage constructively when possible. Any reconsideration of the current guidance should prioritize the needs of survivors and facilitate improvements in how schools investigate, adjudicate and work to prevent sexual assaults. I hope Secretary DeVos recognizes the gravity of her responsibility: young people across the country are counting on her to get this right."
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a former technology executive, Vice Chairman of the Senate Intelligence Committee, member of the Senate Banking Committee, and cofounder of the bipartisan Senate Cybersecurity Caucus, released the following statement on today’s announcement from credit reporting firm Equifax that a data breach could have potentially affected 143 million consumers in the United States:
“The recent news that one of the largest credit reporting agencies and data brokers in the U.S. suffered a breach involving over 143 million Americans is profoundly troubling. While many have perhaps become accustomed to hearing of a new data breach every few weeks, the scope of this breach – involving Social Security Numbers, birth dates, addresses, and credit card numbers of nearly half the U.S. population – raises serious questions about whether Congress should not only create a uniform data breach notification standard, but also whether Congress needs to rethink data protection policies, so that enterprises such as Equifax have fewer incentives to collect large, centralized sets of highly sensitive data like SSNs and credit card information on millions of Americans. It is no exaggeration to suggest that a breach such as this – exposing highly sensitive personal and financial information central for identity management and access to credit– represents a real threat to the economic security of Americans.”
Sen. Warner has been a leader in calling for better consumer protections from data theft. In the aftermath of the Target breach that exposed the debit and credit card information of 40 million customers, Sen. Warner in 2014 chaired the first congressional hearing on protecting consumer data from the threat posed by hackers targeting retailers’ online systems. Sen. Warner also partnered with the National Retail Federation to establish an information sharing platform that allows the industry to better protect consumer financial information from data breaches.
Sen. Warner has been working to develop bipartisan legislation to create a comprehensive, nationwide and uniform data breach standard requiring timely consumer notification for breaches of financial data and other sensitive information.
###
WASHINGTON — U.S. Sen. Mark R. Warner (D-VA) released the below statement on Randal Quarles, President Trump’s nominee to be the Federal Reserve's Vice Chairman for Supervision:
“While Mr. Quarles and I do not agree on every issue—such as his support for a rigid monetary policy rule that would have hamstrung the Fed’s response to the financial crisis—I believe he is well qualified to be the top regulator at the Fed. I expect his experience in public service and the private sector will aid him in the development of financial regulatory policy. In my role on the Senate Banking Committee, I look forward to working with him to ensure we have a financial regulatory system that promotes growth and stability, and maintains the tools included in Dodd Frank to wind down large financial institutions. As I’ve done with Mr. Quarles, I will be carefully reviewing the credentials and views of any future Fed nominees. The President should seek candidates who can gain bipartisan support.”
Sens. Warner, Kaine, Gardner, Isakson Lead Bipartisan Resolution Condemning White Nationalists, Neo Nazis And Other Hate Groups
After Charlottesville, resolution urges Trump Administration to address threats posed by hate groups
Sep 06 2017
WASHINGTON – This morning, during the first full session of the Senate since the deadly violence that occurred in Charlottesville, Va., on August 11 and 12, 2017, U.S. Sens. Mark R. Warner (D-VA), Tim Kaine (D-VA), Cory Gardner (R-CO) and Johnny Isakson (R-GA) are introducing a bipartisan resolution condemning white nationalists, white supremacists, the Ku Klux Klan, neo-Nazis and other hate groups. The joint resolution (S. J. Res.) also calls upon the Trump Administration to use all available resources to improve data collection on hate crimes and to work in a coordinated way to address the growing prevalence of hate groups.
The joint resolution recognizes the death of Heather Heyer, 32, and the injuries suffered by 19 other people after a car allegedly driven by a neo-Nazi slammed into a crowd of counter demonstrators in Charlottesville. The resolution specifically describes that event as a “domestic terrorist attack.” The resolution also acknowledges the heroism and public service of Virginia State Police troopers Berke Bates and Lt. Jay Cullen, who died in the crash of their helicopter while monitoring the protests. Finally, the resolution expresses support for the people of Charlottesville as that community heals “following these acts of violent bigotry.”
The Senators hope for quick action by the Senate to pass the resolution, which has support from the Leadership Conference on Civil and Human Rights, the Anti-Defamation League, and the NAACP Legal Defense Fund. The text of the resolution is available here.
###