A massive hack of Equifax, one of three major U.S. credit reporting agencies, has compromised the personal data of as many as 143 million Americans.

This is only the latest cybersecurity breach that put at risk information that could jeopardize the finances of victims for years to come. With every such episode, Americans are reminded anew of how little control they have over their most sensitive information. It is a disgrace that Congress has taken so little action to protect the privacy of personal credit data. A single instance of identity theft can wreak havoc on victims, wrecking their credit. Repairing the damage can take years, in part because credit reports are notoriously difficult to amend.

The Equifax breach is as an opportune moment for Americans to demand better. Minnesota U.S. Sen. Al Franken is teaming up with other senators on a bill that would provide individuals with greater control over their personal information.

The Data Broker Accountability and Transparency Act would require data brokers such as Equifax to develop comprehensive security measures and provide “reasonable notice” in the event of a breach. Consumers would have to be given a way to correct their information.

“We’re all so vulnerable,” Franken said. “These data aggregators are not necessarily securing your information, and they’re taking it without your knowing it.”

Equifax now is providing free credit monitoring for a year and will not charge affected consumers who wish to freeze their credit, a move that requires individual consent before anyone other than existing debtholders or their collectors can access personal data. But those actions came only after pressure, and the monitoring program has proved difficult to access because of the sheer volume.

The company claims to be “overwhelmed” and says it is working to smooth out glitches. That’s not reassuring for one of the largest data brokers in the country charged with safeguarding the credit history of a majority of Americans. Franken said he remains concerned that consumers will be charged for monitoring and that they won’t be able to sue the company if necessary. Initially Equifax had required, as part of the monitoring agreement, that consumers agree to mandatory arbitration. The company backed off that, too, after sufficient backlash.

Franken said the company also should be required to provide more than one year of monitoring at no cost to victims. The effects of data breaches can ripple out for years. That’s also a good reason to demand that the company provide a longer sign-up period. Right now the window for free monitoring closes in November. That’s too soon for such a serious breach.

Credit companies will push back hard on Franken’s proposals, but consumers should demand an end to companies profiteering off their private information. Individual consent should become the new standard for accessing personal financial data.