WASHINGTON D.C. — A top Democrat on the Senate Banking Committee warned former Equifax CEO Richard Smith not to hide anything from lawmakers after exposing as many as 145 million Americans’ sensitive data.
“Equifax has forfeited its right to corporate secrets,” said Senator Sherrod Brown at a hearing on Wednesday. “So please do not make the same mistakes Wells Fargo did — now is the time to give this committee the whole story.”
It was the second time in two days Smith, who stepped down last week, appeared before Congress to explain what led to the massive breach and to address the company’s gross mismanagement after the hack was made public in September.
“Given the severity of this data breach, Congress will continue to examine the facts behind it and what can be done to prevent similar situations,” said Republican Sen. Mike Crapo, chairman of the committee.
Smith is now appearing before the Senate Judiciary Committee later this afternoon, and slated to go before the House Financial Services Committee on Thursday.
The company is one of three nationwide credit-reporting companies that track and rate the financial history of consumers, gathering data from credit card companies, banks, retailers and lenders.
Federal agencies, state officials and members of Congress are currently probing Equifax over its data security practices, customer service response and the possibility of insider trading from executives.
Smith once again apologized for the company’s failure to protect Americans’ personal information — like names, addresses, and Social Security numbers. But both Republican and Democratic senators expressed anger about how the credit monitoring service company mismanaged the hack and is trying to profit from its mistake.
“You’re making money off of this,” said Sen. Elizabeth Warren, a Democrat from Massachusetts in a tense exchange with Smith. “You’ve got three different ways that Equifax is making money — millions of dollars off its own screw up.”
Equifax is offering consumers one year of credit monitoring for free to protect themselves from identity theft after the hack. After that, consumers will have to pay a standard rate of $17 per year.
Already, 7.5 million Americans have signed up for the service through Equifax. If only one million individuals were to extend the service for an additional year, the company would earn more than $200 million in revenue as a result of this breach, Warren told the committee.
“Equifax did a terrible job of protecting our data because they didn’t have a reason to care to protect our data,” said Warren. “The incentives in this industry are completely out of whack”
Sen. John Kennedy, a Republican from Louisiana, said it seems wrong that consumers should have to pay to ensure data that is being collected by Equifax without their permission and sold to businesses is accurate.
“I don’t pay extra in a restaurant to prevent the waiter from spitting in my food,” said Sen. John Kennedy, a Republican from Louisiana.
Both Republican and Democratic senators ripped into Smith during a two hour hearing on why a company of its size wasn’t better prepared to respond to the attack and why it waited weeks to disclose the breach to the public and Congress.
“It’s not enough for you to say, ‘My goodness look at the magnitude of this,'” said Sen. Heidi Keitkamp, a Democrat from North Dakota. “When you should have anticipated this. The same way you anticipate a fire in a building. You should be ready when it happens.”
Lawmakers also criticized Equifax’s botched response to the breach.
“Even giving you the benefit of the doubt on everything that happened beforehand, your remediation efforts do not pass basic cyber 101 hygiene,” said Sen. Mark Warner of Virginia.
They also raised alarms about the timing of stock sales made by three Equifax executives before the breach was disclosed.
“You all want us to believe is that the three luckiest investors, who sold their stock did so without any knowledge that the suspicious activity may be bigger and more powerful than any other suspicious activity in the history of the company,” said Senator Tim Scott, a Republican from South Carolina. “I find that hard to believe.”