After members of Congress grilled former Equifax CEO Richard Smith at four hearings this week, one thing is clear: There is outrage on both sides of the aisle over the massive data breach.
But what will they do about it?
The three major credit rating agencies, Equifax, Experian, and TransUnion, aren't going away. They are an integral part of the U.S. credit system, and it would be difficult for consumers to get a mortgage, a loan, or even a credit card without them.
Some Democrats are calling for a total overhaul of the industry because credit rating agencies don't currently have an economic incentive to help protect consumers' data.
"Equifax won't be losing any business as a result of its failures... And that's because those consumers aren't actually your customers. They are your product," Senator Al Franken told Smith during a hearing Wednesday.
Each of the three agencies have credit reports on most, if not all, American consumers and they sell that data to lenders.
What Congress can do now is give consumers more control over what companies can see their personal data and when. While that won't prevent future hacks, it could help consumers protect themselves from identity theft.
Since the Equifax breach, three bills have been introduced in Congress that would make credit freezes free at all three agencies. Another bill would make credit freezes free for fraud victims, senior citizens, and active duty service members, and limit the cost for all other consumers to $3.
2. Simplify the freezing process
The process currently varies by state. Sometimes consumers can do it online or over the phone, but others may have to send in verifying documents through the mail.
But a new federal law could create a standard process that requires the credit rating agencies to comply with your request quickly.
Senator Elizabeth Warren's Freedom from Equifax Exploitation (FREE) Act would require credit rating agencies to put a freeze in place within one business day of the request. It would allow 15 minutes to lift a freeze if requested online or by phone, and one day if by mail.
Typically, you'll be given a PIN that you'll need to remember in order to lift your freeze in the future. Smith has said that Equifax's new "credit lock" tool won't require a PIN. Instead, a consumer would log into their account with a username and password and be able to toggle a lock on and off from an app on their smartphone.
3. Give consumers unlimited access to credit reports
A credit report should show if someone has opened a new credit card account or loan in your name. Not all lenders report information to all three agencies though, so experts suggest reviewing all three.
But under federal law, consumers are allowed to request just one copy of their credit report from each of the credit rating agencies for free annually. After that, consumers can be charged up to $17 for an additional copy of their report, depending on where they live.
4. Change the dispute process
If your identity is stolen, it can be a cumbersome process to correct your credit reports. Consumers must contact each credit rating agency to prove the information is wrong, and sometimes seek legal help.
Consumers currently have no choice. Equifax, Experian and TransUnion have their personal information whether they like it or not.
On one hand, it could hurt consumers if they pull out of the credit rating system. Credit reports makes it easier for banks to decide to lend to us. But some members of Congress suggested that consumers should at least be given the option to have their data stored by the other two rating agencies only.
"Do we need to change the consumer reporting industry in this country to give Americans ownership of the data? For example, should they be allowed to request that you delete the data from your systems?" asked Senator Sherrod Brown.
Smith did not agree. The service Equifax provides consumers is "vital," he said.
At a separate hearing, cybersecurity expert Jamie Winterton said a choice to opt out could create an incentive for credit rating agencies to put stronger security in place. Without the data, a credit rating agency doesn't have a product to sell.
No proposed legislation includes a provision that would allow consumes to opt out of a credit rating agency.
6. Replace Social Security numbers
After other breaches, like the one at Yahoo, changing your password may be all you need to do to protect yourself. But the Equifax hack exposed Social Security numbers, which stay with you forever.