The Equifax data breach is prompting members of Congress and consumer advocates to call for better protection of consumers' sensitive financial information.

Sen. Elizabeth Warren, a staunch advocate for consumer rights, introduced a bill on Friday that would give consumers more control over their credit data. She also called for an investigation into the Equifax hack, which may have compromised the credit information of about 143 million Americans. 

Warren, a Massachusetts Democrat who is a member of the Senate Banking Committee, sent a letter to the three main credit monitoring agencies asking them to explain their security measures before the data breach and to describe their information-sharing afterward. None of the agencies were immediately available to comment to inquiries from Consumer Reports. We will update when we hear back.

More On The Equifax Data Breach

On Thursday, Consumers Union, the policy and mobilization arm of Consumer Reports, also sent a letter to Equifax CEO Richard Smith, calling the company’s response to the breach “wholly inadequate” and outlining steps to remediate the situation, including paying for credit freezes, processing disputes promptly, and setting aside funds to compensate consumers.

The Equifax CEO is scheduled to testify before the House Energy and Commerce Committee on October 3. The Federal Trade Commission, meanwhile, announced it was investigating the Equifax breach. And Connecticut Attorney General George Jepsen announced that his office has initiated a formal multi-state investigation into the hack.

After Equifax announced on Sept. 7 that it had been hacked, millions of consumers scrambled to freeze access to their credit reports at each of the big three credit monitoring bureaus, Equifax, Experian and TransUnion.

But freezing your credit report can be a pricey and complicated process. Sen. Warren, a Massachusetts Democrat, said her bill would streamline the process and limit how much credit reporting agencies can profit from placing a freeze on consumer accounts.

“Credit reporting agencies like Equifax collect personal financial data on millions of Americans and rake in billions of dollars in annual revenue selling this information to others,” Senator Warren wrote, announcing the bill. “The Freedom from Equifax Exploitation Act helps address this problem by creating a federal requirement for credit reporting agencies to freeze (as well as temporarily or permanently unfreeze) access to credit files at a consumer's request and at no cost,” she wrote.

Passage of the bill in the Republican-controlled Congress is far from certain, although consumer advocates say the breadth and anger of people affected by the breach may cut across party lines.  

What's in The FREE Act

Senator Warren's letter outlined six consumer protections her bill seeks to enact:

1. Create a uniform, federal process for obtaining and lifting a credit freeze. “Currently, there is no federal requirement for credit reporting agencies to offer consumers a credit freeze, and consumer rights vary widely depending on which state they live in,” Warren wrote. “The bill creates a federal obligation for credit reporting agencies to offer credit freezes and to respond promptly to consumer requests for a freeze, a temporary lift of a freeze, and a permanent removal of a freeze.”

2. Require credit reporting agencies to allow consumers to impose, temporarily lift, or permanently remove a credit freeze for free. “Credit reporting agencies gather information without consumers’ consent and make billions of dollars from selling this data," she wrote. "Consumers should not need to pay to stop credit reporting agencies from allowing others to access their data.”

3. Prevent credit reporting agencies from profiting off the use of consumers’ information for the duration of their credit freeze. “Credit reporting agencies sell lists of consumers with certain characteristics to companies trying to target their marketing. The bill would prohibit credit reporting agencies from putting consumers on those lists for the duration of the credit freeze," Warren's letter said.

4. Enhance fraud alert protections. “The bill will allow consumers to request that a fraud alert be included in their credit file if they have suspicion that they were harmed by the unauthorized disclosure of their personal identifying information," the letter said. "The bill would also extend the length of the alert from 90 days to one year, which can be renewed for an additional year. In the case of identity theft, the bill also provides for a renewable 7-year fraud alert, during the course of which credit reporting agencies are prohibited from including the consumer on a marketing list.”

5. Allow consumers to get a refund on any fee credit reporting agencies charged them to impose a credit freeze in the wake of the Equifax breach. “Equifax put consumers’ files—and, by extension, their financial well-being— at risk," Warren wrote. "No credit reporting agency should profit when one of the three major players in the industry was responsible for putting consumers at greater risk of identity theft. The bill provides an automatic refund for any consumer who paid a credit reporting agency for a credit freeze after the public disclosure of the Equifax breach.”

6. Provide the opportunity for consumers to get an additional free credit report. “Under the Fair Credit Reporting Act, consumers are entitled to one free credit report a year," Warren wrote. "Consumers who have already checked their credit report this year should have the ability to check their report again—at no cost—in order to detect and fix any damage done by the Equifax breach.”

The bill was co-sponsored by a number of Democratic senators, including Robert Menendez, Chris Van Hollen, Kirsten Gillibrand, Richard Blumenthal, Edward Markey, Bernie Sanders, Ron Wyden, Richard Durbin, Jeff Merkley, and Al Franken.

What You Should Do Now

To secure your information and money, take these critical steps:

• Find out if your information is potentially at risk. Sign up for credit monitoring. Freeze your credit (more details).

• Maximize your mutual fund security. Place a fraud alert on credit reports. Secure your smartphone + email (more details).

• Consider digital tools to lock and unlock credit (more details.)  

• After all that's done, make sure to check your accounts regularly and be on the lookout for suspicious activity.

You’ve Been Hacked

Have you experienced suspicious activity on your online accounts? On the "Consumer 101" TV show, Consumer Reports expert Thomas Germain explains how to take back control of your digital privacy.