Last Thursday, credit-reporting agency Equifax disclosed that hackers had broken into the company’s systems and stolen driver‘s license, Social Security numbers, and credit-card numbers, birth dates, names, and addresses, in a massive security breach that may have affected as many as 143 million Americans. And yet, somehow, the bad news was just beginning. It was quickly revealed that Equifax knew about the hack for more than a month before it told the public; that three senior executives with remarkably good timing had sold $1.8 million in Equifax shares just days after the breach was discovered but weeks before any outsiders knew; and that a Web site set up by Equifax to help people learn if their information had been compromised was also designed to trick everyone who used it into waiving their rights to sue. And apparently, if Equifax had had its way, it could’ve been a lot worse! For the victims, of course.

The Wall Street Journal reports that in the months leading up to the attack, the Equifax spent at least $500,000 lobbying federal regulators and Congress to relax regulation of credit-reporting companies. Among the focus of its requests? “Data security and breach notification,” “cyber security threat information sharing,” and the coup de grace: “limiting the legal liability of credit-reporting companies.”

Amazingly, a panel of the House Financial Services Committee convened to discuss the legal liability issue the very same day that Equifax revealed that it may have allowed the financial data for nearly half the country to be compromised. During the hearing, National Consumer Law Center attorney Chi Chi Wu said the proposed legislation—which would cap the statutory damages consumers could be awarded in a suit against companies like Equifax at $500,000—“drastically decreases the consequences for credit bureaus” when laws are broken. Representative Barry Loudermilk, a sponsor of the bill, was apparently totally offended by the characterization, saying the bill was intended “to protect consumers and all Americans.”

In a twist that you may want to sit down before reading, the Journal notes that Loudermilk has received thousands in contributions from Equifax’s political-action committee, which also donated money to all 13 members of the Financial Services Committee during the 2016 election cycle. Equifax told the Journal that its PAC contributions “are made in a legal, ethical, and transparent manner.”