Fmr. Equifax CEO to expose chain of errors that led to breach in congressional testimony
Now-retired Equifax CEO Richard Smith will testify before the House Committee on Energy and Commerce Tuesday, where he is expected to apologize for his company’s failure to fix a flaw that led to a massive data breach.
In prepared remarks released Monday, Smith said the company failed to identify and patch a software vulnerability, despite a public notification to do so in March. Smith said it was this unmitigated software flaw that allowed unauthorized third parties to access Social Security numbers, birth dates, driver’s license numbers, and more, from hundreds of millions of individuals.
Smith also said he was disappointed with his own response to the breach, which included requiring consumers registering for credit monitoring and identity theft protection to waive their right to join a class-action lawsuit against the company. That clause was later revoked, following a harsh public outcry.
Smith stepped down from his post last week, in what some lawmakers hinted may have been a play to avoid the fallout from both the hack and the company’s response. The company’s chief information officer and chief security officer have also left their posts since the data breach.
Smith will likely face a myriad of questions about timing and why it took Equifax so long to disclose the breach, which they discovered on July 29 and reported on Sept. 7. In the period between those two dates, three Equifax executives sold nearly $2 million in company stock, which the company initially said was pure coincidence.
Equifax announced late Monday that, upon concluding an investigation into the hack, an additional 2.5 million American consumers could have been compromised, bringing the grand total to 145.5 million potential victims.
Lawmakers asked U.S. Securities and Exchange Commission Chair Jay Clayton last week to confirm whether Equifax executives who have left their posts would still be looked into for wrongdoing. And while Clayton could not confirm nor deny the existence of an investigation, he said he it was his job to enforce the full extent of the law.
Smith is scheduled to appear before three congressional committees this week. The hearing before the House Committee on Energy and Commerce begins Tuesday at 10 a.m. ET.