WASHINGTON, D.C. – U.S. Senator Bob Menendez (D-N.J.), a senior member of the Senate Banking Committee, today led a letter along with Senators Jack Reed (D-R.I.), Jon Tester (D-Mont.), Mark Warner (D-Va.), Elizabeth Warren (D-Mass.), Heidi Heitkamp (D-N.D.), Joe Donnelly (D-Ind.), Brian Schatz (D-Hawaii), Chris Van Hollen (D-Md.), and Catherine Cortez Masto (D-Nev.) to Banking Chairman Mike Crapo (R-Idaho) calling for immediate hearings into the recent Equifax security breach that compromised the personal information of 143 million Americans.

“The sheer magnitude of this event, affecting nearly 44 percent of the county’s population, coupled with the aforementioned issues, merits a thorough investigation and comprehensive review by the committee,” the Senators wrote. “As one of the Senate committees of jurisdiction, we should undertake prompt action to fully investigate the cause, scope, and impact of this event, as well as understand and consider implementing any lessons learned.”

Last week, Equifax disclosed that unauthorized parties obtained the personal information—names, Social Security numbers, addresses, and driver’s license numbers—of approximately 143 million U.S. consumers, additionally that 209,000 consumers had their credit card numbers stolen and the credit reporting dispute files of 182,000 consumers were compromised. It was also revealed that when the breach was first discovered internally in July, several top level executives within five days of that discovery sold $2 million in shares, though its customers and the public were not notified until Sept. 7.

The senators requested a thorough investigation by the committee including testimony from Equifax Chief Executive Officer Richard F. Smith, Securities and Exchange Commission Chair Jay Clayton, and Consumer Financial Protection Bureau Director Richard Cordray in order to attain a full, transparent explanation of what went wrong, who is responsible, how to fix it, and how to prevent such catastrophes in the future.

“For the millions of affected consumers throughout the nation, the impacts of this security breach could be catastrophic,” wrote the Senators. “As one of the three major credit reporting agencies, Equifax centrally holds the most sensitive personal information that determines whether Americans will be able to purchase a car, secure a loan for a home, attain employment, and countless other functions that are critical to economic growth.”

The letter is below and here.

September 12, 2017

The Honorable Mike Crapo

Chairman

U.S. Senate Committee on Banking, Housing, and Urban Affairs

534 Dirksen Senate Office Building

Washington, DC 20510

Dear Chairman Crapo:

In light of Equifax’s announcement last week of a security breach affecting a staggering 143 million Americans, we respectfully request that the Senate Committee on Banking, Housing, and Urban Affairs hold immediate committee hearings to fully investigate the matter.

According to Equifax, unauthorized parties accessed the personal information including names, Social Security numbers, addresses, and driver’s license numbers of approximately 143 million U.S. consumers.[1] In addition, 209,000 consumers had their credit card numbers stolen while 182,000 consumers’ credit reporting dispute files were compromised.[2] For the millions of affected consumers throughout the nation, the impacts of this security breach could be catastrophic. As one of the three major credit reporting agencies, Equifax centrally holds the most sensitive personal information that determines whether Americans will be able to purchase a car, secure a loan for a home, attain employment, and countless other functions that are critical to economic growth.

Over the course of the last few days, we have learned of additional issues related to the security breach that only further underscore the need for the committee’s attention to this matter. First, Equifax’s chief financial officer, president of U.S. information solutions, and president of workforce solutions sold Equifax shares worth nearly $2 million in the span of a mere five days after the company discovered the security breach.[3] Second, Equifax reportedly discovered the security breach on July 29, and reminiscent of Wells Fargo’s delays in making public issues impacting its customers, Equifax waited until September 7 to publicly announce that 143 million U.S. consumers were victims of the breach.[4] Third, Equifax offered to victims a free subscription to its credit monitoring product, TrustedID Premier, in the aftermath of the security breach but required consumers to waive their right to participate in class-action lawsuits against the company.[5] Only after largescale public outrage did the company clarify and later remove the forced arbitration clause.[6]

The sheer magnitude of this event, affecting nearly 44 percent of the county’s population, coupled with the aforementioned issues, merits a thorough investigation and comprehensive review by the committee. In order to fully comprehend the breadth and scope of Equifax’s security breach, any such investigation should include, at a minimum, testimony from Equifax Chief Executive Officer Richard F. Smith, Securities and Exchange Commission Chair Jay Clayton, and Consumer Financial Protection Bureau Director Richard Cordray. As one of the Senate committees of jurisdiction, we should undertake prompt action to fully investigate the cause, scope, and impact of this event, as well as understand and consider implementing any lessons learned.

As members of the United States Senate Committee on Banking, Housing, and Urban Affairs, we should accept nothing less than a full and transparent explanation of what went wrong, who is responsible, how to fix it, and how to prevent such catastrophes in the future.

We have also requested a hearing on Wells Fargo. We hope you agree to both of our requests to address these two incidents that have both caused so much harm to our constituents and millions of people across the country. We look forward to working with you to fully investigate this issue and to better protect consumers. Thank you for your attention to this critical matter.

Sincerely,

###



[1] Press Release, Equifax Inc., Equifax Announces Cybersecurity Incident Involving Consumer Information (Sept. 7, 2017), at https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628.

[2] Id.

[3] Anders Melin, Three Equifax Managers Sold Stock Before Cyber Hack Revealed, Bloomberg (Sept. 7, 2017), at https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack.

[4] Press Release, Equifax Inc., Equifax Announces Cybersecurity Incident Involving Consumer Information (Sept. 7, 2017), at https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628.

[5] Maria Lamagna, Equifax TrustedID customers waive their rights to a class-action lawsuit, MarketWatch (Sept. 9, 2017), at http://www.marketwatch.com/story/why-some-equifax-customers-have-unwittingly-waived-their-rights-to-a-class-action-lawsuit-2017-09-08?mg=prod/accounts-mw.

[6] Bryan Logan, Equifax responds to confusion surrounding a massive security breach affecting 143 million customers, Business Insider (Sept. 8, 2017), at http://www.businessinsider.com/equifax-responds-security-breach-arbitration-clause-website-call-center-2017-9.