Will heads roll at Equifax, SEC over massive breaches?

As lawmakers get ready to grill Equifax CEO Richard Smith and SEC Chair Jay Clayton on Capitol Hill in the coming weeks, many wonder how the respective executives of each organization will be asked to pay for compromising the sensitive information of American individuals and companies.

While two Equifax executives, including the company’s chief information officer and chief security officer, retired earlier this month, there have been calls for Smith to resign as CEO as well. Sen. Chuck Schumer (D-N.Y.) called not only for Smith’s resignation, but that of the company’s entire board of directors, comparing the case to the Enron scandal.

Smith will testify before two separate congressional committees during the first week in October, meanwhile Clayton is scheduled to appear before lawmakers next week, though some doubt the SEC—as a government agency – will receive the same treatment as the credit reporting company.

“Without a doubt, the CEO is eventually is going to be fired at Equifax,” cybersecurity expert Morgan Wright told FOX Business this week. “What happens to the head of the SEC? […] It’s the same issue … they are supposed to be the guardians of trusted information.”

It should be noted that Clayton was not head of the SEC when the hack occurred. He was confirmed as the head of the agency in May, while the hack is reported to have taken place in 2016. Still, the overarching question is whether any heads will roll at the SEC.

Mark Grossman, a tech lawyer with Tannenbaum Helpern, told FOX Business that the SEC hack was “bigger” than Equifax, with the power to put “trillions of dollars of wealth” at stake.

“You can sue Equifax, try suing the SEC,” Wright said. “It should be as easy to hold someone in government as accountable as they want to hold the private sector.”

Wright also pointed out that the SEC will be involved in reprimanding Equifax, likely fining them for the breach. The SEC is investigating the sale of $1.8 million worth of stock by three Equifax executives, after the breach was discovered by the company, but before it was publicly disclosed.

"If that happened, somebody needs to go to jail," Sen. Heidi Heitkamp, (D- N.D.) said last week about the stock sale. "It's a problem when people can act with impunity with no consequences. How is that not insider trading?"

The hackers who breached the SEC’s Edgar system had access to non-public information that could’ve allowed them to conduct insider trades, as well.

Clayton will testify before the Senate Banking Committee on Sept. 26, while Smith will testify before the same committee on Oct. 4 and a separate House committee the day prior.