Make us your home page

'This is a travesty': Lawmakers grill former Equifax chief executive on breach response

Former Equifax CEO Richard Smith testifies before lawmakers in a congressional hearing on Capitol Hill on Tuesday.

Getty Images

Former Equifax CEO Richard Smith testifies before lawmakers in a congressional hearing on Capitol Hill on Tuesday.

Former Equifax chief executive Richard Smith was grilled by animated lawmakers Tuesday at the first congressional hearing after the company disclosed a massive security breach.

Lawmakers from both parties questioned Smith on his role at the embattled credit-reporting agency and indicated that tighter data security standards are long overdue.

Rep. Greg Walden, R-Ore., the chairman of the House Energy and Commerce Committee, described Equifax's response to the breach as "ham-fisted" and "unacceptable," echoing several other lawmakers on the panel. In a remarkable exchange, Walden held up a thick stack of paper, which he said was a full Equifax consumer credit report, and asked Smith how such a sophisticated company responsible for so much data could allow the breach to occur. "How does this happen?" he said, with exasperation.

Smith confirmed at the hearing that intruders were able to penetrate the company's network by exploiting a known vulnerability that Equifax had failed to patch. But for the first time, Smith acknowledged that the employee responsible for assigning a correction to that vulnerability failed to do so, even though that person knew the patch was needed.

Smith also fielded questions concerning reports that his former colleagues sold an unusual amount of stock after the breach was known to the company but before it was disclosed to the public. Smith said that at the time, Equifax knew only that suspicious activity had been detected, and not that personal information had been stolen from the company. "To the best of my knowledge they did not know," Smith said.

The former Equifax chief executive declined to directly answer whether Equifax suspects a nation state was involved in the breach. "I have no opinion," he said, when asked by Rep. Leonard Lance, R-N.J., several times. Smith said that the FBI is involved.

The hearing comes a day after Equifax said that the data of an additional 2.5 million consumers may have been compromised by the cyber breach, bringing the total number of consumers who may have been affected to a staggering 145.5 million.

Last week, Equifax tried to get ahead of what may be an intense round of questioning. On Thursday, the company announced a new, free service that will allow consumers to lock and unlock their credit information for life, starting next year. It has also been considering clawbacks for some of its executives, according to the Wall Street Journal. But that may not be enough for lawmakers and consumer advocates who have asked the credit agency for more extensive remedies and protections. There have even been calls to change the entire credit reporting industry.

While many high-profile companies have suffered damaging data breaches, the Equifax hack stands out because of the company's sprawling influence on U.S. commerce. The crucial, identifying information belonging to millions of people, including Social Security numbers and home addresses, may have been compromised.

After Equifax disclosed the breach in September, the public outcry was swift and resounding. Reports quickly surfaced that several Equifax executives had sold an unusual amount of stock after the company discovered the breach but before it was made public. Not only did consumers feel exposed after learning that their sensitive information may have been stolen, but they also were angered by Equifax's bungled response. The call center was understaffed, and a help website that the company put up had the trademarks of a phishing scam while offering little guidance as how to protect affected people, experts and consumers said.

A week later, the company's chief security officer and the chief information officer announced their sudden retirements. Then Smith said that he, too, would step down.

Smith will also testify in three other hearings this week. It's not clear whether the company's attempts at reform will pre-empt new cybersecurity regulations backed by some lawmakers.

Yahoo: Breach affected 3 billion

Yahoo has tripled down on what was already the largest data breach in history, saying it affected all 3 billion of its users, not the 1 billion it revealed late last year. The company announced Tuesday that it's providing notice to additional user accounts affected by the August 2013 data theft. The breach was previously disclosed by the company in December. Yahoo says the stolen customer information did not include passwords in clear text, payment card data or bank account information.

Associated Press

'This is a travesty': Lawmakers grill former Equifax chief executive on breach response 10/03/17 [Last modified: Tuesday, October 3, 2017 9:46pm]
Photo reprints | Article reprints

Copyright: For copyright information, please check with the distributor of this item, Washington Post.

Join the discussion: Click to view comments, add yours

  1. Sen. Nelson urges FEMA to examine high number of denied flood claims


    Sen. Bill Nelson urged FEMA on Tuesday to ensure fairness, proper oversight and transparency in processing Hurricane Irma aid following a report by the Palm Beach Post that 90 percent of Irma claims under the National Flood Insurance Program had been denied.

    Sen. Bill Nelson is calling for FEMA to ensure the flood claims process post-Hurricane Irma is fair and ethical following reports that 90 percent of claims under the National Flood Insurance Program were denied. | [Times file photo]
  2. Amazon expands in Tampa with Pop-Up shop in International Plaza


    TAMPA — A new retailer known largely for its online presence has popped up at International Plaza and Bay Street.

    Shoppers walk past the new Amazon kiosk Tuesday at the International Plaza in Tampa. The kiosk, which opened last month, offers shoppers an opportunity to touch and play with some of the products that Amazon offers.
[CHRIS URSO   |   Times]

  3. Study: Florida has fourth-most competitive tax code


    Florida's tax code is the fourth most competitive in the country, according to a study released Tuesday by nonprofit group Tax Foundation.

    Florida has the fourth-most competitive tax code, a study by the Tax Foundation said. Pictured is  Riley Holmes, III, H&R Block tax specialist, helping a client with their tax return in April. | [SCOTT KEELER, Times]
  4. Trigaux: On new Forbes 400 list of U.S. billionaires, 35 now call Florida their home

    Personal Finance

    The latest Forbes 400 richest people in America was unveiled Tuesday, with 35 billionaires on that list calling Florida home. That's actually down from 40 Florida billionaires listed last year when a full 10 percent listed declared they were Floridians by residence.

    Edward DeBartolo, Jr., shopping center developer and  former San Francisco 49ers Owner, posed with his bronze bust last year during the NFL Hall of Fame Enshrinement Ceremony in Canton, Ohio. DeBartolo remains the wealthiest person in Tampa Bay according to the Forbes 400 list released Tuesday. 
[Photo by Joe Robbins/Getty Images]
  5. Clearwater attorney accused of condo foreclosure trickery fights back

    Real Estate

    The Clearwater lawyer accused of tricking a bidder into paying $458,100 for a gulf-front condo now plans to contest a judge's order tossing out the sale.

    John Houde, left, looks in the direction of Clearwater lawyer and real estate investor Roy C. Skelton, foreground, in August during a hearing Sixth Judicial Circuit court Judge Jack St. Arnold at the Pinellas County Courthouse. The judge agreed with Houde's allegation that he was duped by Skelton in thinking he bought a Redington Beach condo for $458,100 out of a foreclosure auction. Now Skelton is fighting back.