The Equifax hack has been a nightmare for more than 145 million Americans whose Social Security numbers, credit card numbers, driver’s license numbers, and passport numbers were stolen.
At best, it’s been a giant hassle – time on hold with credit reporting agencies, confusion about what’s been stolen and what to do about it, and fees for this service or that service. At worst, it could be ruinous – a lifetime of responsible spending and borrowing wiped out by fraud and theft.
But here’s the part that really makes me grind my teeth: Equifax may make money off the hack. With so much data compromised, a lot of worried people and businesses are buying credit monitoring services, sometimes directly from Equifax and sometimes from other companies that use Equifax in the back office. And, under the current rules, Equifax faces only limited legal liability. No wonder Equifax’s stock price has rebounded since the hack.
That’s just not right. In fact, it’s outrageous. Let’s fix the problem so it doesn’t happen again.
Today, Senator Mark Warner and I introduced the Data Breach Prevention and Compensation Act. Our bill imposes substantial mandatory penalties for data breaches at credit reporting companies like Equifax – and provides real compensation for affected consumers.
Add your name if you support holding companies like Equifax accountable – and stopping these kinds of breaches from happening again. Sign our petition to support the Data Breach Prevention and Compensation Act.
After Equifax announced the data breach in September, our Senate office launched a broad investigation into how this mess happened, how Equifax responded, and what we could do to better protect consumers.
We found that Equifax’s incentives were all out of whack. They had no financial reason to protect your data – so they didn’t. We want to change that.
The Data Breach Prevention and Compensation Act would impose mandatory penalties on credit reporting agencies for breaches of consumer data: a $100 base penalty per consumer who had one piece of personal information compromised, and another $50 for each additional piece of personal information compromised per consumer, up to a cap of half of the company’s revenue from the prior year. If our bill had been the law during the Equifax breach, the company would have had to pay at least $1.5 billion. A penalty like that would have gotten their attention! And, going forward, a penalty like that would force these corporations to invest more in keeping people’s personal data secure.
To help put money back into people’s pockets, the bill would also require the Federal Trade Commission to compensate affected consumers with half the penalty money – and it would direct the other half to monitoring data security at credit reporting companies so these kinds of breaches don’t happen again.
The Data Breach Prevention and Compensation Act is an important new bill to protect your personal information – and to hold companies responsible for your personal information accountable if there’s another breach. Sign our petition to show your support.
Companies like Equifax – and their lobbyist buddies at the US Chamber of Commerce – are going to fight this bill with everything they’ve got. When they attack me for standing up to corporate interests, I know we’re doing our jobs. We need you in this fight with us.