Mick Mulvaney, head of the Consumer Financial Protection Bureau, has pulled back from a full-scale probe of how Equifax failed to protect the personal data of millions of consumers, according to people familiar with the matter.
Equifax said in September that hackers stole personal data it had collected on some 143 million Americans. Richard Cordray, then the CFPB director, authorized an investigation that month, said former officials familiar with the probe.
But Cordray resigned in November and was replaced by Mulvaney, President Donald Trump's budget chief. The CFPB effort against Equifax has sputtered since then, said several government and industry sources, raising questions about how Mulvaney will police a data-warehousing industry that has enormous sway over how much consumers pay to borrow money.
The CFPB has the tools to examine a data breach like Equifax, said John Czwartacki, a spokesman, but the agency is not permitted to acknowledge an open investigation. "The bureau has the desire, expertise, and know-how in-house to vigorously pursue hypothetical matters such as these," he said.
Three sources say, though, Mulvaney, the new CFPB chief, has not ordered subpoenas against Equifax or sought sworn testimony from executives, routine steps when launching a full-scale probe. Meanwhile, the CFPB has shelved plans for on-the-ground tests of how Equifax protects data, an idea backed by Cordray.