Five lessons learned following Congress’ Equifax hearings


Bipartisanship isn’t completely dead on Capitol Hill. As it turns out, there’s nothing like the compromise of the personal information of nearly 146 million Americans to bring the two parties together.

That is just one of a handful of lessons learned this week after former Equifax CEO Rick Smith faced lawmakers for a four-part grilling, all broadcast live on C-SPAN. It was the Atlanta credit bureau’s first extended public reckoning since it disclosed on Sept. 7 that hackers had stolen the sensitive personal details of more than half of American adults.

Smith, who stepped down last week following more than a decade at the helm of the company, apologized as he sat alone at the witness table. He attributed the hack to a mixture of “human error and technology failures.”

Here’s what else we learned about the Equifax breach and its aftermath this week:

Equifax was warned in March that its system had a vulnerability. Smith disclosed in his testimony that the U.S. Department of Homeland Security alerted the company on March 8 that a software it used called Apache Struts had a flaw that made it vulnerable to hackers. That’s a full two months before the company was reportedly hacked and four before the company noticed the suspicious activity, according to Smith’s timeline. Executives did not fully ramp up their internal damage control operations until August and tell the public until early September. Smith said that during the more than monthlong delay between when the company noticed the hack on July 29 and when it notified the public the firm was still figuring out the scope of the breach and setting up call centers for customers affected by the hack. Lawmakers were heavily critical of the response time.

Apparently one person is responsible for the internal communication breakdown that made the hack possible. According to Smith’s testimony, Equifax followed its standard security protocol and told “a large number of people” on its security staff to check out the reported flaw the day after the company was contacted by Homeland Security. But the vulnerability was never fixed because of a single person at the company who failed to properly communicate that a software patch was needed, Smith said. He did not name that person, and it was unclear whether the individual still works for Equifax.

Outrage is bipartisan. Lawmakers are divided on just about everything when it comes to regulation of the financial services industry, but the indignation stretched across party lines this week. Lawmakers patiently waited their turns to slam the company’s behavior before, during and after the hack on behalf of their constituents. Many of the same notes were sounded from House Financial Services Chairman Jeb Hensarling, R-Texas, an advocate for unwinding federal rules on corporations, to Massachusetts Democratic U.S. Sen. Elizabeth Warren, a prominent voice on consumer advocacy issues.

During the hearings, lawmakers from both parties discussed the possibility of passing legislation that would mandate when corporations would have to disclose cyberbreaches to their customers. Others mentioned implementing some sort of pre-emptive security standard for companies. Similar legislation has eluded Congress in recent years, but some lawmakers have indicated that the mammoth scale of the hack could persuade members of Congress to find consensus this time.

The Internal Revenue Service is still willing to give Equifax money. Another patch of bipartisanship emerged this week in the form of widespread scorn after media outlets reported that the feds’ tax collectors quietly awarded Equifax a $7.25 million no-bid contract last week. The money is for fraud prevention and taxpayer identification services. Louisiana Republican U.S. Sen. John Kennedy was one of the most blunt. “You realize, to many Americans right now, that looks like we’re giving Lindsay Lohan the keys to the minibar,” he said, according to the Los Angeles Times. The IRS said in a statement that the short-term contract is aimed at preventing a lapse in services. IRS data, according to the agency, were not included in the breach.

The Monopoly man makes the occasional trek to Capitol Hill. This week’s hearings were tense, highly charged — and more than a little repetitive. A dash of levity came Wednesday morning, when a woman dressed as Monopoly mascot Rich Uncle Pennybags — complete with a lush fake handlebar mustache, top hat and monocle — took a seat just over Smith’s left shoulder as he testified before the Senate Banking Committee. The woman was a consumer protection advocate for the left-leaning Public Citizen, reportedly looking to make a point about forced arbitration clauses used by companies such as Equifax. Pennybags was seated directly behind former U.S. Sen. Saxby Chambliss. The Georgia Republican left Congress in 2015 and has since been working as a consultant at DLA Piper, a law firm that faced a hack of its own earlier this year and is reportedly aiding Equifax in the aftermath of the breach. Chambliss and DLA Piper did not respond to requests for comment.


Reader Comments ...

Next Up in Georgia Politics

Mayor Reed puts airport exec on leave amid concerns over contracts
Mayor Reed puts airport exec on leave amid concerns over contracts

A high-ranking official at Hartsfield-Jackson International Airport has been placed on administrative leave after the mayor’s office learned that his wife is doing business with an airport subcontractor. A spokeswoman for Mayor Kasim Reed said Friday that the action was taken against Cortez Carter, deputy general manager at the airport, whose...
The Week: Blank says kneeling should not be seen as disrespect
The Week: Blank says kneeling should not be seen as disrespect

Atlanta Falcons owner Arthur Blank offered his own interpretation of protests NFL players have staged this season by kneeling during the national anthem. “It’s very clear that the players have no interest whatsoever in being disrespectful to the flag or the anthem,” Blank told GPB’s Ricky Bevington this past week. &ldquo...
Dunwoody man goes from battling brain cancer to DNR hunting consultant
Dunwoody man goes from battling brain cancer to DNR hunting consultant

When Chip Madren was in seventh grade, doctors told his family the type of brain cancer he had gave him about two more years to live. It was his love of hunting that caused him to fight for his life, his mother said, after being promised a trip to Montana when he got better. “He was not fighting well up until that time,” Lea Madren said...
Move for freer political speech divides Georgia’s religious community
Move for freer political speech divides Georgia’s religious community

It’s a regular ritual on Sundays before big votes: Candidates fan out to churches across the state, take prominent perches near the pulpit and receive warm applause from parishioners. And preachers inevitably shower them with kind words, though they stop short of much more lest they cross an invisible line. That’s exactly what happened...
Georgia’s craft brewers would win big in Senate tax bill
Georgia’s craft brewers would win big in Senate tax bill

The U.S. Senate’s new tax bill would give Georgia’s small craft breweries some holiday cheer months after a watershed state law provided a major economic boon to beer makers and liquor distillers. The would-be Christmas present comes in the form of a proposed tax decrease, which industry advocates say would put thousands of dollars into...
More Stories