Equifax just got grilled by Congress for the first time over its breach. Or at least one of its former executives did.
Richard Smith, the former CEO of Equifax, testified Tuesday morning before the House Energy and Commerce Committee about the credit reporting firm’s massive security breach.
Smith apologized numerous times throughout the hearing for the breach and said it was the result of “human error and technological error.”
“The criminal hack happened on my watch… I take full responsibility,” he said in opening remarks. “I’m here today to say to each and every person affected by this breach I’m truly and deeply sorry for what happened.”
- Equifax says March breach not related to major hack
- Equifax data breach: What you need to know
- Equifax data breach could impact 143 million US consumers
- How to check if your information is part of Equifax cybersecurity breach
Congress members were unsatisfied with Smith’s apologies. “You’re just required to notify everybody and say, ‘So sorry, so sad,'” Rep. Joe Barton told Smith.
Barton said it’s time “some teeth” be imposed on the federal level, possibly by requiring credit agencies to pay consumers when their accounts are hacked.
On Monday, Equifax said its breach potentially affected 2.5 million more people than it had previously stated. The total number of people involved may now be as much as 145.5 million.
Federal agencies, state officials and members of Congress are currently probing Equifax over its data security practices, customer service response and the possibility of insider trading from executives.
The breach compromised some of our most sensitive personal information, including Social Security numbers, addresses, and driver’s license numbers.
Smith was pressed early in the hearing about executive stock sales that took place before the hack was disclosed to the public. He said the three executives who sold stock were not aware of the breach.
“I don’t know exactly the date they were informed, but to the best of my knowledge they had no knowledge at the time,” he said.
In another exchange, Smith said he had “no indication of a breach” prior to the date of the stock sales, only of “suspicious activity.”
Smith faced questions from legislators about Equifax’s botched response to the breach, the months-long delay in announcing it and whether consumers will be compensated for damage caused by identity theft.
Rep. Greg Walden, the Republican chairman of the House subcommittee, pledged Tuesday to hold Equifax and Smith accountable. But he said, “I don’t think I can pass a law that, excuse me for saying, fixes stupid.”
“How could a major U.S. company like Equifax, which holds the most sensitive personal data on Americans, so let them down?” Walden said in opening remarks at the hearing. “It’s like the guards at Fort Knox forgot to lock the doors and failed to notice thieves emptying the vaults.”
Smith said he would expect Equifax to “cooperate” with “particular legislation that arises out of this horrific breach.”
The former CEO’s appearance Tuesday marks the first in a series of Equifax hearings in Washington. On Wednesday, Smith will testify twice — before the Senate Banking Committee and a Senate Judiciary subcommittee on privacy. And on Thursday he will appear before the House Financial Services committee.
Smith stepped down as CEO three weeks after the breach was announced to the public.
After three hours of grilling, Democrats said today’s hearing was not sufficient, pressing for additional hearings with the current Equifax executives, including the CIO and chief legal officer.
“I don’t think this is resolved,” said Rep. Anna Eshoo.