Congress pounced on Richard Smith, the former CEO of Equifax, just minutes into his hearing before the House Energy Committee Tuesday.
“I worry that your job today is about damage control: to put a happy face on your firm’s disgraceful actions and then depart with a golden parachute,” said Rep. Ben Ray Lujan, D-NM, before Smith’s opening remarks.
“Unfortunately, if fraudsters destroy my constituents’ savings and financial futures, there’s no golden parachute awaiting them,” he added.
“The American people deserve answers, and I hope you are prepared to provide them.”
Last week, Smith stepped
Committee members have asked about the company’s failure to fix software vulnerabilities, as well as chief legal officer John Kelley (who is still employed at the company) and his role as head of security, and what Smith knew when he was first notified of the breach in late July.
During the hearing, Rep. Joe Barton, R-TX, suggested during the hearing that credit-reporting agencies should be required to pay consumers when hacked.
“You’re just required to notify everybody and say, ‘So sorry, so sad,'” he said. “We can have this hearing every year from now on if we don’t do anything to change the current system.”
“It would seem to me that you might pay a little more attention if you had to pay everybody whose account got hacked a couple thousand bucks or something,” he added.
Rep. Jan Schakowsky, D-IL, meanwhile, suggested the credit-reporting industry is underregulated.
In September, Equifax reported a massive data breach, saying hackers may have accessed the personal details, including names and Social Security numbers, of more than 143 million consumers from mid-May to July. Equifax, which said it learned of the breach in late July, said credit-card numbers for about 209,000 people and certain documents for another 182,000 were also accessed.
The disclosure was swiftly met with criticism because of the delay in alerting the public to the hack, as well as problems with the website that Equifax set up for people to check whether their details were at risk.
The hack is being investigated by the Federal Trade Commission and has prompted promises for inquiries in both the Senate and House of Representatives.
Several Equifax officials have left the company since the hack’s disclosure in addition to Smith. The company previously announced that the consumer-data firm’s CIO, David Webb, and its chief security officer, Susan Mauldin, were also retiring. Webb will be replaced by Mark Rohrwasser, who joined the company last year, Equifax said in an emailed statement. Mauldin will be replaced by Russ Ayres. Both Rohrwasser and Ayers previously worked in Equifax’s IT division.
Equifax officials are also reportedly being investigated by the US Justice Department after selling stock before the company revealed a data breach that exposed the personal information of millions of Americans.
According to Bloomberg, the department is looking at sales by Equifax’s CFO, John Gamble; president of US information solutions, Joseph Loughran; and president of workforce solutions, Rodolfo Ploder. The three senior executives dumped almost $US2 million worth of stock days after the company learned of the breach, Securities and Exchange Commission filings show. An emailed statement from the credit-monitoring agency said the executives “had no knowledge” of the breach beforehand.
All the executives still owned thousands of shares of the company after the sales were completed, filings show.
Equifax shares were down 0.2% at $US107.59 at 10:59 a.m. ET. Shares have tumbled by about 24% since news of the hack broke.