Equifax CEO To Explain Leak To Congress

Members of Congress are getting ready to grill Equifax CEO Richard Smith, who is set to testify about his company’s massive data breach that impacted as many as 143 million Americans.

According to CNBC, Smith will answer to the Senate Banking Committee on Oct. 4. He is already slated to appear before the U.S. House of Representatives on Oct. 3.

The company’s shares have fallen more than 30 percent since the hack, which exposed consumer names, Social Security numbers, birthdates, addresses and, in some cases, drivers’ license numbers. The company also reported 209,000 U.S. consumer accounts were accessed by the hackers, as well as certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.

The Equifax leak – and the company’s response to it – has sparked outrage among U.S. lawmakers, including Senator Chuck Schumer, who called its treatment of consumers following the breach  “disgusting,” and went on to say that Smith and the Equifax board might need to resign. “It’s one of the most egregious examples of corporate malfeasances since Enron,” Schumer said.

In addition, Senator Elizabeth Warren, a member of the banking committee, is looking into whether new federal legislation is needed to protect consumers. She also questioned the overall regulatory framework for credit reporting agencies, which are not subject to the same levels of intense scrutiny as other consumer finance firms.

In the meantime, the Federal Trade Commission has already launched an investigation into the leak, and Equifax is also facing backlash from several U.S. states. Massachusetts Attorney General Maura Healey filed a lawsuit against the company, accusing it of not doing enough to protect consumers against the hack, while the U.S. Attorney’s office in Atlanta is working with the FBI on a criminal investigation into the breach.

And New York Governor Andrew Cuomo announced that he wants credit reporting firms to comply with the state’s new cybersecurity regulations, as well as require agencies to report their officers or directors who are responsible for compliance with laws and regulations involving financial services, banking and insurance each year. If the companies fail to register, they could be barred from doing business with financial companies regulated by New York State.

Plus, there is the CFPB, which is widely believed to be about to lay a punishment down on Equifax using the same powers it has used against Wall Street’s biggest banks. There is, however, some question as to whether they have the authority to do so — since Equifax is not strictly a financial company.

The CFPB and legal experts said the regulator could pursue Equifax under an aspect of the Dodd-Frank Act banning unfair, deceptive and abusive acts and practices (UDAAP).

CFPB spokesman Sam Gilford noted that the consumer watchdog already fined Equifax in January for allegedly deceiving consumers about the usefulness and cost of credit score information they bought, using this aspect of the law.