WASHINGTON — House Republicans and Democrats interrogated Equifax’s former chief executive Tuesday over the massive data hack of the personal information of 145 million Americans, calling the company’s response inadequate as consumers struggle to deal with the breach.

Former Equifax CEO Richard Smith apologized for the compromise of such information as names, addresses, birth dates and Social Security numbers. Smith was the lone witness at the first of several Capitol Hill hearings this week. No current Equifax official testified.

“I am here today to say to each and every person affected by this breach, I am truly and deeply sorry for what happened,” Smith said.

Democrats favor legislation that they say would establish strong data-security standards and prompt notification and relief for consumers when their information is hacked. But Republicans tamped down expectations for any congressional action, since Congress already has rolled back several Obama-era rules affecting businesses and the financial sector this year.

“Equifax deserves to be shamed in this hearing, but we should also ask what Congress has done, or failed to do, to stop data breaches from occurring,” said Rep. Jan Schakowsky, D-Ill.

Rep. Bob Latta, R-Ohio, chairman of the subcommittee examining the breach, said there are already laws on the books that require companies to secure sensitive consumer data. He said hearings before four House and Senate panels this week should run their course before lawmakers make a decision about what to do next.

Advertisement

“The big thing we heard today is it was a very human error on their part,” Latta said.

Smith offered a timeline of what went wrong, saying the Department of Homeland Security warned the company March 8 about the need to patch a particular vulnerability in software used by Equifax and other businesses. The company disseminated that warning by email the next day and requested that applicable personnel install the upgrade. The company’s policy requires the upgrade to occur within 48 hours, but that did not occur.

In late July, data security officials noticed suspicious activity on a website, which Smith said “happens routinely around our business.” He said an internal investigation ensued and he was alerted the next day, but he had no knowledge at that time that consumers’ personal information had been accessed.

Smith said the full extent of what occurred emerged during a meeting he had with cybersecurity experts and outside counsel on Aug. 17. The board was alerted the following week and the public on Sept. 7, after the company had made plans for how it would try to help consumers respond.

The timeline laid out by Smith didn’t satisfy many lawmakers, who accused the company of being too slow.

“I worry that your job today is about damage control. You put a happy face on your firm’s disgraceful actions, and then depart with a golden parachute,” said Ben Ray Lujan, D-N.M. “Unfortunately, if fraudsters destroy my constituents’ savings and financial futures, there’s no golden parachute awaiting them.”

Advertisement

Lawmakers said that at one point Equifax tweeted the wrong link for consumers to check to learn if they were part of the breach. “Talk about ham-handed responses, this is simply unacceptable,” said Rep. Greg Walden, R-Ore.

Smith said he was disappointed in the rollout of call centers and a website designed to help the people affected by the breach. He said the company has increased its number of customer service representatives and the website has been improved. Smith said more than 400 million consumers contacted the company in the weeks after the announcement of the breach, and the company wasn’t prepared for that kind of volume.

Lawmakers said they’re getting scores of calls from constituents concerned that their information was stolen and about the potential ramifications in the years ahead. Rep. Ryan Costello, R-Pa., said hundreds of constituents have contacted his office about the company’s response.

“The slow rollout and how poorly it was done, to me, it was just inexcusable,” Costello said.


Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.