Former Equifax CEO Richard F. Smith received the opposite of a hero’s welcome while addressing a congressional committee on Tuesday, with representatives bashing the exec for the credit giant’s “unacceptable” hack that left nearly half the U.S. population vulnerable to identity fraud.
Smith blamed the data breach — which compromised the social security numbers, addresses, and birth dates of 145 million Americans — on a “human error,” where an unnamed employee failed to patch its security system, despite the fix being available for months before the hack.
“So does that mean that that individual knew the software was there,” asked Rep. Greg Walden, “and it needed to be patched, and did not communicate that to the team that did the patching?”
“That is my understanding, sir,” said Smith.
“Talk about ham-handed responses, this is simply unacceptable,” said Walden, the chairman of the Energy and Commerce Committee. He went on to say the bungled operation was “like the guards at Fort Knox forgot to lock the doors.”
But there was plenty of slamming to go around, with the committee members ready and willing to tee off on perhaps the one company more unpopular than Congress right now.
“I worry that your job today is about damage control: to put a happy face on your firm’s disgraceful actions and then depart with a golden parachute,” said New Mexico Rep. Ben Ray Lujan. “Unfortunately, if fraudsters destroy my constituents’ savings and financial futures, there’s no golden parachute awaiting them.”
Smith — who retired last week — repeatedly apologized for the hack during his remarks. “I’m here today to say to each and every person affected by this breach I’m truly and deeply sorry for what happened,” said Smith.
His cries for absolution were brushed off by the committee, however.
“You’re just required to notify everybody and say, ‘So sorry, so sad,'” said Rep. Joe Barton of Texas. “We can have this hearing every year from now on if we don’t do anything to change the current system.”
The ex-exec was questioned on the three high-ranking Equifax employees that sold millions of dollars worth of stock only days after the company noticed the hack on July 29. The company did not publicly acknowledge the breach until early September. Smith said they had no idea about the breach when they sold their shares. “I don’t know exactly the date they were informed, but to the best of my knowledge they had no knowledge at the time.”
Several committee members discussed the potential need to regulate or shut down Equifax altogether. “When restaurants fail regular health inspections, they’re shut down,” said Rep. Gene Green of Texas.” Others pointed to the everlasting threat hacked consumers will now face — with their social security information able to be held for years before being sold on the black market.
The three-hour skewering did little to assuage committee members, with many calling for further hearings with other Equifax execs. Check out the link below if you want to see some Congress-on-CEO lambasting.