This week, former Equifax CEO Richard Smith testified before a congressional committee, apologizing for a security failure leading to more than 145 million Americans having their data compromised--but that’s enough for a Florida Republican who is calling on the Securities and Exchange Commission (SEC) to take action.
Smith was grilled by the U.S. House Energy and Commerce Committee this week and he insisted the breach was the fault of a single Equifax employee who failed to take security precautions. Despite that, he said he was in charge of the credit company at the time of the breach and took the blame.
“The criminal hack happened on my watch and. as CEO, I am ultimately responsible, and I take full responsibility,” Smith said. “I am here today to say to each and every person affected by this breach, I am truly and deeply sorry for what happened.”
Following Smith’s testimony to the House committee on Tuesday and the U.S. Senate Commerce Committee, U.S. Sen. Marco Rubio, R-Fla., write SEC Chairman Jay Clayton demanding companies immediately inform consumers when their data is compromised.
“As you are aware, nearly 145.5 million Americans had their personal information exposed in the massive Equifax data breach reported to the public on September 7, 2017,” Rubio wrote Clayton. “This breach, and others like it, have made Americans vulnerable to identity theft and scams. The reality of our data-rich 21st century requires that we take security guardrails very seriously, and ensure the federal government is upholding the trust Americans need for their full participation in the national economy.
“For this reason, I write to urge that, to the maximum extent consistent with the law, the Securities and Exchange Commission (SEC) require companies to promptly disclose significant hacks of material impact that make Americans vulnerable to identity theft,” Rubio added. “Doing so could help individuals begin to take the necessary steps to ensure their identity is protected. This includes freezing their credit reports, checking bank statements, and assessing financial security. In the aftermath of Hurricanes Harvey, Irma and Maria, many Americans need to be assured of the integrity of their credit as they take out loans to pay for repairs to their homes and businesses.
“Companies that hold American’s personal information should be held to a higher security standard,” Rubio wrote in conclusion. “In recognizing this, I urge that you prioritize transparency actions for Equifax so that consumers can be aware of their status with adequate time to take appropriate remediation steps.”
Earlier this week, Smith’s replacement said cybersecurity firm Mandiant was finishing up its investigation of the breach.
"I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released," said Paulino do Rego Barros, the interim CEO of Equifax "Our priorities are transparency and improving support for consumers. I will continue to monitor our progress on a daily basis.
"I want to apologize again to all impacted consumers,” Barros added. “As this important phase of our work is now completed, we continue to take numerous steps to review and enhance our cybersecurity practices. We also continue to work closely with our internal team and outside advisors to implement and accelerate long-term security improvements.”
READ MORE FROM SUNSHINE STATE NEWS