October 03, 2017

In Advance of Banking Committee Hearing, Senator Warren Seeks Answers from Equifax's Former and Interim CEOs

Warren Questions Equifax Executives About Betrayal of Customer Trust and Corporate Responsibility

Text of Warren Letter with New Questions for Equifax Executives Available Here (PDF)

Washington, DC - U.S. Senator Elizabeth Warren (D-Mass.), Ranking Member of the Senate Subcommittee on Financial Institutions and Consumer Protection, today sent a letter and a series of "Questions for the Record" to former Equifax Chairman and CEO Richard Smith, and Interim CEO Paulino do Rego Barros about the data breach that has exposed the personal information of millions of Americans and the company's response to it. Mr. Smith is scheduled to testify before the Senate Banking Committee on Wednesday.

Following the breach and Equifax's delayed and lackluster response, Senator Warren sent letters to Equifax, along with TransUnion, Experian, and a number of government agencies, to request a thorough investigation into consumer data security of credit reporting agencies. She expanded her investigation a week later into the causes of the breach and the company's response, sending letters to Equifax's Board of Directors, as well as the Securities and Exchange Commission and the Department of Homeland Security. Equifax responded on October 1st.

"This response answered some of my questions in full; it failed to answer others; and in some cases, it raised new questions. In addition to your correspondence, my staff has obtained information from news reports and outside experts that raises additional questions about Equifax and its response to this breach," wrote Senator Warren. "I am particularly troubled by reports that Equifax had ample warning of cybersecurity problems prior to the 2017 breach, and by reports that the website created to direct consumers to assistance in the wake of the breach - EquifaxSecurity2017 .com - also may present a cybersecurity risk."

The Senator included 37 detailed questions in her letter, and asked that Mr. Smith be prepared to answer them during Wednesday's hearing, and provide full written answers by October 16th. The questions focused on the precise extent of the breach; how hackers gained access to personal data; details about Equifax's cybersecurity strategy; why the company had ignored previous warnings and cybersecurity incidents; problems with the public website Equifax set up in response to the breach; and why the company failed to patch key vulnerabilities.