WASHINGTON, DC - OCTOBER 04: Former Equifax CEO Richard Smith prepares to testify before the Senate Banking, Housing and Urban Affairs Committee. Smith stepped down as CEO of Equifax last week after it was reported that hackers broke into the credit reporting agency and made off with the personal information of more than 145 million Americans. (Photo by Mark Wilson/Getty Images)

Senators call for more actions from Equifax in wake of hack

Former Equifax Chief Executive Richard Smith appeared Wednesday for the second of three Congressional hearings he is facing this week over the company’s massive hacking incident affecting almost 146 million Americans.

Here are some snapshots from today’s hearing before the Senate Banking, Housing and Urban Affairs Committee, where a video replay is available online:

Give it back

Stock sales by three top Equifax executives and a recently renewed contract with the IRS to provide fraud prevention services drew the ire of several senators.

“They should give the money back,” Sen. Heidi Heitkamp, D-N.D., said of the roughly $655,000 in losses that the three executives avoided by selling stock before Equifax disclosed the breach, sending its stock plunging.

Likewise, she called on Equifax to back away from the recently renewed contract with the IRS.

“Many times it’s the symbolic acts” that matter, said Heitkamp. “My advice to you is to do some things that are very, very visible, and that’s two things you could do.”

Equifax won a $7.25 million no-bid contract renewal last week to provide fraud prevention and taxpayer identification services to the IRS, according to media reports.

Equifax also said when it disclosed the hacking incident on Sept. 7 that three of its top executives, including its chief financial officer, had sold $1.8 million worth of company stock on Aug. 1 and Aug. 2, days after the company first discovered signs of a serious hacking incident. The sales, months before the hacking attack was made public, raise questions of illegal insider trading.

Equifax has said the executives had no knowledge of the breach at the time they sold stock.

Smith said in hearings Tuesday and Wednesday that the company didn’t know at the time that hackers had stolen large amounts of data, including millions of folks’ Social Security numbers and other sensitive information.

But some senators weren’t buying it.

Under questioning, Smith said that Equifax’s chief lawyer was first notified of “suspicious activity” by hackers on Aug. 2. The chief attorney approved the executives’ stock sales on Aug. 1 and Aug. 2.

Smith also said that on Aug. 2, Equifax officials and a big Atlanta law firm working for the company, King & Spalding, had notified the FBI of the breach on Aug. 2, the same day as some of the executives’ stock sales.

Equifax had detected the activity on July 29 and shut down a web portal hackers had broken into on July 31, according to a timeline in Smith's prepared testimony before the hearings.

But Smith said "millions" of hacking attempts occur at Equifax every year, and that the company didn't know by Aug. 2 that a theft of personal data had actually occurred.

“To the best of my knowledge, they had no knowledge,” Smith said of the executives.

After the data theft was disclosed to the public more than a month later, Equifax’s stock dropped about 36 percent, wiping out more than $6 billion of the value of investor’s stake in the company.

“This really stinks. It smells really bad. And I guess smelling bad isn’t a crime,” said Sen. Raymond “Jon” Tester, D-Mont.

Heitkamp wanted to know how often Equifax notified the FBI after detecting suspicious activity.

“I don’t know that information,” said Smith, adding that he would ask the company to look into it.

Profiting from fraud

Liberal firebrand Sen. Elizabeth Warren, D-Mass., lambasted Equifax for a history of past hacking incidents that she said have allowed the company to profit from selling fraud-prevention and related products to consumers.

“The whole thing is staggering,” said Warren. Equifax “should have the best security in the nation, and it has the worst,” she said.

She asked Smith if fraud is more likely now as a result of the most recent hacking incident.

“Senator, yes it is,” Smith answered.

So, Warren asked, it has created a “business opportunity” for Equifax to sell fraud protection products to consumers?

Smith said the “best thing’ for consumers to do is sign up for Equifax’s free credit monitoring and credit freeze products it offered after disclosing the data breach.

Equifax “is making millions of dollars on its own screw-up,” said Warren. “From 2013 to today, Equifax has disclosed at least four different hacks.” She asked if Equifax’s profits increased during that period.

“Yes, it did,” Smith answered.

By about 80 percent, Warren added. “The incentives in this industry are completely out of whack,” she said. Consumers and businesses will be harmed by the fallout from Equifax’s data breach, she added, but “Equifax will be just fine. In fact, it could come out ahead.”

Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.

Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.