WASHINGTON – On Capitol Hill this week, four House and Senate committees held oversight hearings over three days in response to the Equifax data breach, which hackers stole personal data of more than 145 million Americans. Lawmakers from both parties hammered former Equifax CEO Richard Smith, who testified on Tuesday before a House Energy and Commerce subcommittee, on Wednesday before the Senate Banking Committee and a Senate Judiciary subcommittee, and on Thursday before the House Financial Services Committee.
Smith faced extensive questioning from committee members in all four hearings. Several themes and common lines of questioning were evident through the three days of hearings. First, there was unanimous criticism of Equifax and their lack of protecting consumers’ personal information and their poor response to the data breach and the way they notified the public of the public breach. Members of Congress questioned whether or not Equifax even had a data security plan in place to protect the most sensitive consumer information, like Social Security numbers. Other issues raised in the hearing was the length of time if took to notify the public, the subpar service to victims of the breach, the selling of $2 million in stock by top executives days after the breach was initially discovered, and finally the inaction of patching the vulnerability on its public website – despite warnings about the glitch months before.
Finally, lawmakers also expressed the need for legislation to better protect and notify consumers in the event of a data breach. House Financial Services Committee Chairman, Jeb Hensarling stated that he expected to examine a number of potential changes under the law in response to the breach and affirmed his hope to advance data security and notification legislation. He also asked if current laws – such as the Fair Credit Reporting Act, Dodd-Frank financial reform, and Gramm-Leach-Bliley Act - regulating the financial sector and companies’ data security sufficient.
In the coming weeks, it is likely that there will be more hearings and more calls for legislation. As the legislative process moves forward, NACS will continue to keep you informed of any new developments.