Equifax’s former chief executive Richard Smith often deflected questions from a Senate panel Wednesday about a $7 to 10 million IRS contract the company newly received to assist prevent scam and whether the company could benefit from the hack that unprotected sensitive information of 145 million people.
“Can you describe to the American people, not just as clients who have been disclosed and breached here, but as taxpayers, why in the world should you get a no-bid contract right now?” asked Sen. Ben Sasse (R-Neb.). Smith replied that he didn’t know the minutiae of the contract but that he thought it was for work the company was earlier doing and that the contract was just being revived.
“You realize too many Americans right now that it seems like we’re giving Lindsay Lohan the keys to the mini bar,” said Sen. John Neely Kennedy (R-La.). Smith stared at Kennedy for a few seconds then said he understood the arrival.
Smith endured the shower of tough questions as he encountered the second of four congressional committees he is set to visit this week as lawmakers research the company’s massive information breach and its mishandle response. After 12 years at the helm of the company, Smith skipped down as CEO last week, and is the only company representative engaged to come out before lawmakers. Behind him sat former senator Saxby Chambliss (R-Ga.) who sometimes stood up to whisper in Smith’s ear. Farther back, but within camera shot, was a supposed critic derisive Smith in a black top hat, white mustache and a monocle that paralleled a character in the Monopoly board game.
The hard-charging former CEO assisted transforms Equifax from easily a credit-rating company to a huge data manager that employs artificial intelligence and machine learning to assist companies regulate whom to lend fund to. Smith was heralded on Wall Street for his destructive development of the company, including beginning to gather employment data, such as customer’s salaries. But that business model came under repeated attack Wednesday by the Senate Banking Committee.
Equifax could actually revenue from the breach, warned Sen. Elizabeth Warren (D-Mass.). The company, for example, is providing clients free scam alerts for one year, she said. But if victims want to expand that coverage after a year, they will have to pay Equifax.
Warren quoted a speech Smith had given lauding that fraud was a big opportunity for the company. “This breach has made more business opportunities” for Equifax, she said. Equifax “did a terrible job of protecting our data because they didn’t have a reason to secure our data.”
In an interview outside the hearing room, Warren called for a host of resolves to the credit reporting industry as well as new rules on data security. Customers should own their own information and control who has access to it, she said.
“This is a full industry right now where the incentives are in the bad place,” she said. “The incentives are to gather as much data about people as probable and then pump it out for sale.”
Smith repeatedly confessed for the breach, acknowledging the company struggled to respond instantly to consumers’ concerns. Equifax’s call centers initially had only 500 employees and grew to 3,000 in two weeks, he said. “I confess to this committee and all Americans for this breach,” Smith said. “I am in no way skirting the problem of this horrific breach, and it was a horrific breach.”
Separately Smith repeatedly defended three Equifax senior executives who sold nearly $2 million in stock after the company learned of the breach but before it was uncovered publicly. The executives did not know about the breach when they sold their stock and the sales were permitted by the company’s general counsel, he said. “These are three men I have known for a long time. These are honorable men who followed the protocol,” Smith said.
That defense was met with disrupt by several lawmakers. The company wants the public to trust the executives were “the three luckiest investors” who arranged to sell their stock before the company’s stock price fell by more than 30 percent, said Sen. Tim Scott (R-S.C.). “I find that hard to believe,” Scott said. There may have been no intention to commit insider trading, said Sen. Jon Tester (D-Mont.), but “this really stinks. I mean it actually smells actually bad. And I feeling smelling bad isn’t a crime.”
In testimony this week, Smith revealed that Equifax missed an opportunity to prevent the breach. In early March, the Department of Homeland Security alerted Equifax about a critical susceptibility in its software. The company sent out an internal email requesting that the issue be fixed, but that was not done, Smith told lawmakers. By May, hackers found the software susceptibility and utilized it to gain information to millions of clients’ sensitive data. It was not until late July that the company exposed the breach.
The company then struggled to respond to the backlash. For several days, the company’s Twitter account directed customers in search of assist to a fake site pretending to be Equifax. It originally required customers to agree not to join a class-action lawsuit to get some form of help before dropping that demand.
“In the rollout of our remediation program, mistakes were made, for which again, I am deeply apologetic,” Smith said. “I regret the frustration that many Americans felt when our websites and call centers were overwhelmed in the early weeks. It’s no excuse, but it certainly did not assist that two of our larger call centers were shut down for days by Hurricane Irma.”