Credit reporting firm Equifax has taken heat for its response to a major data breach that may affect as many as 143 million Americans, and a United States senator is urging the company to take additional steps to protect the consumers they have exposed to potential harm.

Senator Brian Schatz, D-Hi., wrote a letter Monday addressed to Equifax CEO Richard Smith insisting the company do more to protect consumers, especially those who may have been directly affected by the data breach.

STRUCTURE SECURITY -- USE THIS ONE
Newsweek is hosting a Structure Security Event in San Francisco, Sept. 26-27. Newsweek Media Group

Equifax reported on Sept. 7 that criminals exploited a web application vulnerability that allowed them to gain access to sensitive data stored by the company. The company’s investigation into the breach—which occurred on July 29, 40 days before it was first made public—found unauthorized access to the credit card numbers of approximately 209,000 and personally identifying information of approximately 182,000 U.S. consumers. As many as 143 million consumers may have had data exposed by the breach.

In response, Equifax offered affected consumers a one-year, complimentary subscription to its credit monitoring service TrustedID Premier. Sen. Schatz believes the offering to be “inadequate for several reasons.”

Ignoring the fact the website designed to tell people if they have been affected by the breach tells anyone who enters information into the form they are at risk no matter what they enter and the terms of use for the service subjects the user to an automatic renewal to the service and requires them to pay after the trial ends and signing up for the complimentary service may prevent users from taking part in legal action against Equifax, Sen. Schatz believes the year of protection simply doesn’t go far enough.

One year of credit monitoring is “insufficient given the scope and scale of this data breach,” Schatz wrote in his letter. He noted that those affected by this breach will be at risk of identity theft and other potentially compromising attacks for years to come.

Schatz also raised an important issue for consumers: credit monitoring won’t actually do anything to prevent identity theft. Rather, it helps keep fraudulent activity from occurring on existing accounts. The senator suggested credit security freezes are the best way to combat criminals opening new accounts under another person’s name—and Equifax is currently charging customers to implement a credit freeze.

“If even a fraction of the impacted customers implement security freezes, Equifax stands to make hundreds of millions of dollars from its security failings,” Schatz wrote. He also advised Equifax should pay for or reimburse consumers who want a credit freeze from Experian and TransUnion, the two other major credit reporting firms.

In addition to issuing the letter to Equifax’s CEO, Sen. Schatz also joined Senators Elizabeth Warren, D-Ma.; Bernie Sanders, I-Vt.; Richard Blumenthal, D-Ct; and Jeff Merkley, D-Or., in reintroducing legislation that would aim to make it easier for consumers to know if they are the victim of identity theft and fraud.

The bill, dubbed the Stop Errors in Credit Use and Reporting (SECURE) Act, would also help Americans resolve errors that appear in their credit reports.

“This is one of several important steps Congress can take in the wake of the Equifax cybersecurity breach,” Schatz said in a statement. “Because these credit agencies operate in the dark, they are allowed to be terribly unfair and unaccountable. Millions of Americans have bad credit because of mistakes from credit agencies, and it can ruin lives, stopping people from getting a job or owning a home or car. While I look forward to hearing Equifax management testify under oath before Congress very soon, this bill is another way we can protect consumers.”