Higher multiple was because of cross selling. Made that point many times, quite some time, a higher multiple than the peer group as a result of the benefits of being able to sell in a sense across the product categories across the banks many different divisions. And she showed all the evidence in the form of earnings transcripts, which jim likes, as well meantime, at the same time, weve been hearing from the former ceo of equifax. Our aditi roy has been listening in to that one and has some of the recent developments ch what have we heard we have been sitting in on this hearing its still under way right now with former equifax ceo Richard Smith getting grilled by 23 lawmakers on this house subcommittee heres what weve learned so far. When smith was questioned about why it took the company 40 days to notify the public about the breach, he said initially they didnt understand the scope of the breach, initially it was termed as suspicious activity and they didnt know the scope and breadth and depth of what had happened also he was asked about the stock sales of the three equifax executives, including the companys ceo. After the breach was discovered, the company maintained the executives didnt know about the breach when they made the sales. During this hearing he did confirm that the companys general counsel did have to sign off on those stock sales, so a little tidbit there, and finally Richard Smith did start off his testimony with an apology, saying that as ceo hes the one who is ultimately responsible for what goes wrong, and that he is truly and deeply sorry for what happened. We will continue to monitor the hearing and go back in there and bring highlights as they progress back to you guys thank you for the recap in fact, lets take our viewers there right now, as the former ceo, Richard Smith, continues to take questions from lawmakers. Free lifetime law product, starting january 31st, 2018. That also extends to experion and transunion no, it does not would equifax pay for the freeze and lock at eperion and transunion for customers stolen by equifax the company has come out with what they feel as a comprehensive Services Today and lifetime lock. I would encourage, to be clear, i would encourage transunion and experion to do the same. Its time we change the paradigm, give the power back to the consumer to control who accesses his or her credit data. Im down to limited time, i apologize. Ill take that as a no, equifax will not pay for consumers do you think consumers should have to pay a penalty for your mistake, including potentially identity thefts, medical identity theft, or do you want to compensate consumers as a result of the breach we take this very seriously, we have offered a comprehensive set of products for free will those sets of products make consumers whole it will protect them going forward. Will it make them whole, yes or no . It is hard for me to tell if someone has been harmed, so i cant answer the question. If someones credit has been stolen and someone opened up a bunch of accounts, bought furniture, cell phones, a bunch of fuel and this consumer cant fix their history, theyve been harmed in that case, will equifax make that person whole . Congressman, as i said, i apologize, weve aefroffered tha comprehensive line of products in august 11th in your prepared testimony it says you were aware of a large amount of consumer pii on august 15th it says in your prepared testimony pii had been stolen, it appeared likely, and you requested a detailed briefing to determine how the company should proceed on august 17th it said you held the Senior Leadership meeting on the investigation. You gave a speech also on the 17th about profiting off fraud with the new markets you shared with mr. Pallone you were not aware of pii being stolen what is it congressman, on the 17th i had a full debrief from forensic auditors, outside counsel, and my team. I was aware on the 15th that theres been some pii compromised. How much, the scope i appreciate that clarification. You were aware it was stolen, just not aware how much. I was not aware it was stolen it says in your prepared testimony that you were aware that you asked for a detailed briefing to determine how the company should proceed so you were aware that pii was stolen on the 15th is that true or not true 17th was the detailed review of when i learned about pii even at that time, which pii, was it stolen, not stolen, those details came to life, congressman, over the course of august mr. Smith, on august 15th, were you aware that there was pii that was stolen or not on august 15th regardless of the amount, were you aware of that august 15th i was made aware hackers, criminal hackers, gotten into our system and had pii information. We can revert to your prepared testimony the other testimony that i have that we were asking on is chief legal officer john kelly still employed by you or by equifax . Yes, he is. And you were the ceo at the time that approved the terms of the retirement for david webb and susan muldane. Is their classification retired permanent or be changed to fired for cause like yours theres an investigation going on by the board at this time mr. Chairman, i know my time has collapsed here, if you will, but theres an article in wgntv that talks about equifax doing their own investigation into the three executives that sold their stock and profited, and i just, i guess, they must have a pretty good Investigative Team there, because between the press release that happened on friday or whenever it came out, then a story on sunday, and today we have a revelation that those folks didnt know that this breach took place. I just hope we get to the bottom of this, and again, mr. Chairman, i hope we can be given assurance to the committee and the American People that this committee will have a mark up and a hearing with bills that we can take to the floor before the holidays to give the American People, consumers, confidence again, because this is a mess. Thank you, mr. Chairman. Thank you very much gentlemans time expired chair now recognizes the gentleman from mississippi, the vice chairman of the subcommittee, for five minutes thank you, mr. Chairman, mr. Smith. Thank you for being here to testify today. In your written testimony and in response to some of the chairmans questions, you stated that you were informed of suspicious activity on july the 31st by your chief Information Officer and went on to discuss i certainly did not know that personal identifying information, pii, had been stolen, or have any indication of the scope of the attack did you ask him if there had been any personal identifying information that had been obtained congressman, at that time i was informed it was a dispute portal document. Dispute portal document is something that typically houses if a consumer is disputing with us they paid off a utility bill, he or she may take a picture of the utility bill at that time that was the conversation not to interrupt, but my question was, did you ask if any pii had been accessed . No, i did not were you made aware at that point of the apache hatch . No, i was not did you have meetings with your chief Information Officer or Security Department about any of this issue prior to july 31st no, congressman, i did not. Have you had any meetings with them about any other security information during that time from march until july 31st . Yes, we would have routine meetings, security reviews, it reviews. How often do you have those common due process at least quarterly. And why did you not have this discussion come up obviously, thats more than a quarter, so how many meetings did you have between that time of march the 8th until july the 31st with your Security Team make sure i understand your question how many meetings didyou have during that time from march the 8th until july the 31st . I dont have that information with me. If thats important, we can get that well, how many do you remember do you remember any of those normally we would have i. T. Reviews at least quarterly, security reviews at least quarterly, and then augment that as needed basis. With those meetings and those timelines of march the 8th and july 31st, we are covering into three quarters, not the total of nine months, but you touch into three quarters of that year and at any point in any of that did you have information about this going on no, sir, i did not. All right, in your testimony you indicate the Security Department ran scans in march for the vulnerability but failed to identify it can you explain how this is possible and why was there never any confirmation of anybody coming back and checking to see, okay, we have this identified information, there was a failure of someone on the team to identify this, that it was being used, that the software was even being used was there no one coming in to verify that . Do you have outside person prior to the ones you hired to look at this congressman, we get notifications routinely. The i. T. Team and Security Team do, to apply applications. This individual, as i mentioned earlier, did not communicate to the right level to apply the patch. Follow up, as you mentioned you said this individual. So you had one person responsible for this theres an owner of the patch process. Theres a communication to go out in security, broad based notification, once they receive notification, they notify appropriate people, individual who owns the patch process cascades that communication. For everyone thats on your equifax team, is there anything more important than protecting pii of the consumers no, sir would we identify that as the number one responsibility of the company and everybody in your company . We have for years sir, yes. So, just appears, obviously the job wasnt done, and so we know that, were trying to look at this, and i know, too, it was an equifax spokeswoman who said weve taken shortterm remediation steps and continue to implement and accelerate longterm security improvements as part of ongoing actions to help prevent this type of incident from happening again. So we have 145. 5 Million People whose pii has been compromised how many files do you have in the system worldwide yes, sir. I think someone mentioned earlier it is a public number out there of over 800 some odd Million Consumers and 100 Million Companies roughly. And we know this breach includes some from canada, some from the uk. Would that be fair to say even at this point . Point of clarification there, there was some data that we had on 7,000 canadians in the u. S. So the data was in the u. S same environment we had some data on uk citizens also in the u. S. That piece is still under investigation. You know, my home state of mississippi has 3 Million People 3 Million People almost 1. 4 million files have been breached in my state. If you take away people that are minors that dont have a file yet, almost my entire states going to be impacted so this is a travesty, something that was preventable, we know, and so saying that we want to protect what goes forward doesnt bring us a lot of comfort today. Thank you, i yield back. Gentleman yields back chair now recognizes the gentleman from california for five minutes thank you very much i thought id prepared for this committee, but i have more Chicken Scratch notes, i dont even know where to start mr. Smith, welcome to washington are you currently employed by equifax . No, sir you are not when you decided to come before this committee, were you specifically requested by name to come to this committee by this committee, or were you offered up by equifax as the representative of equifax to come represent equifax before this committee i believe i was asked specifically to come before the committee. By equifax or the committee my understanding is by the committee. Okay. Apparently the committee asked for the ceo at the time, and at that time you were still the ceo, but youre no longer the ceo. Did you enquire as to why the current ceo or interim ceo didnt come before this committee . I did not, but i felt personally it was my obligation. The breach occurred under my watch, as i said in my written testimony and my oral testimony it, i ultimately take that responsibility, so i thought it important i be here. Thank you, i get the picture. On august 31st, excuse me, on july 31st, you were notified of the suspicious activity that eventually, as we now know, is 145 million person breach. Was it july 31st was it . Yes, congressman. It was a brief interaction verbal interaction . Yes you just referenced as an answer to another one of my colleagues questions on august 31st you received some kind of email referring to the possible breach point of clarification, i was notified on the 31st of july by the chief Information Officer, dave webb, in a very brief interaction that this portal seemed to have a suspicious incident there was a communication trail internally between others, also referenced that i was aware of this incident through my interaction with dave webb so that written trail was not directed to you. You were just mentioned in that trail that you had been verbally notified thats my recollection. Mr. Chairman, is it appropriate for this committee to ask for that trail of documents . Ask counsel if its appropriate to receive copies of that trail that its been referenced more than once to some of our questions here on this committee, on this congressional committee. Its come to my attention that several people are no longer with the corporation youre no longer officially with the corporation anymore. The cio at that time is no longer the cio of the corporation of equifax that is correct and then theres another highe higherup that is no longer chief security officer. Okay, chief security officer. However, the thenjohn kelly chief legal officer was the well take you across the hill back to wells fargo where Chris Van Hollen has started the questioning. Npr radio story, did you have a chance to hear that radio . I didnt, senator i listen to npr, but i didnt hear that. I would encourage you to do that, because one of my constituents came out to go to work one morning, his name was michael pfeiffer, heading out in february to his job in maryland at a company that builds guitars, he walked to the place where he parked his car, it wasnt there he called the police, said he was livid, said he thought someone stole his car. Turns out it wasnt a car thief at all it was wells fargos repossessors he was faber gasted because his insurance was current. He went to wells fargo, the folks at the local branch said this is nuts, youre covered it took them, the employees of wells fargo, over two and a half hours just to connect to folks in another branch. My question is very simple if it takes the employees of wells fargo two and a half hours to get in touch with others, it takes individuals having to fight the system by themselves, dont you understand why it makes sense for people to be up a band together to file their claims against a big company like yours rather than have to fight you one by one senator, what i understand is if we make a mistake, we need to make it right, and weve got to improve our processes. What i would like is to the extent mr. Pfeiffer has not been made whole by us, id like to speak with him personally to make sure that were handling the situation to his satisfaction if we made a mistake mr. Chairman, i would just point out that you said it yourself, you were informing your customers to know about Class Action Settlements so they can be made whole. That is the way lots of people can be whole, you know, made whole at once. Mr. Pfeiffer is one guy fighting wells fargo. I find it amazing that you would say your customers come first, and then you deny them the choice of how they seek their compensation thank you, mr. Chairman. Senator purdue. Thank you, mr. Chair. Mr. Sa loloan, thank you for be here how many states does wells fargo operate today . All of them are you regulated in every one of those states . Yes how many federal regulators do you have today . Occ, Federal Reserve, cfbb, is that correct security regulators, too. Were you supervised 2007, 2016, were you supervised by the Federal Reserve . Yes in their oversight, and im sure they were quite involved, did they reveal any material issues during that period of time they have, but thats confidential information that i cant disclose, but we have an act of dialogue relative to this breach in terms of the retail accounts no, they did not were you supervised by the occ during this period of time yes did that oversight reveal material issues related to this situation . Yes, it did, and the prior comptroller of the currency, mr. Curry, has testified to that did the cfpb come up with anything, any material issues, during this period of time not to my knowledge in dealing with these regulators, are there any outstanding absolutely. I have a long to do list yeah and how is the company reacting to that list of corrections . Were listening i mean, i think that im sure youre implementing, too, right thats where i was going. Were listening to their concerns, and we are making fundamental changes, not only because i think they make sense as ceo, but because our regulators also believe that there are other changes that we need to make, and were being very responsive. Im sure if they were here, they would say were not moving as quickly as they would like, which i appreciate that, but our commitment to making to fixing anything thats broken and making wells fargo the best bank in this country is sacrosanct from my perspective i think wed agree no way to sugar coat this as a serious issue and i appreciate your handling it the way you are. I want to get to the governance issue, though. You have an internal audit capability inside wells fargo today, is that correct thats correct. As ceo that was your responsibility roughly how many people across the country are involved in that internal audit effort . Oh, gosh. Well, first let me correct something hundreds or senator, the audit group is actually a separate it reports separate from the Financial Organization because they have to audit the Financial Organization, so our to whom do they report . The chief auditor, david julian, reports to me, but has a direct reporting line also to our audit examination committee. Right you also, your board, has an external auditor, as well. Thats correct. To whom does that external Auditor Report well, they report to our shareholders right they also provide independent reports to our board on our financial conditions and other matters. During this period of time when these indiscretions were occurring, did any report from either the internal audit capability or external audit capability disclose any of these bounties the internal auditors did, though i would say that was another area they could have done a better job, and i think david julian, our chief auditor, made fundamental changes there, but when it was reported to the Senior Leadership team, we should have taken more aggressive action. Has any other breach of operation occurred that has not been made public yet well, minor breaches maybe, but that was one of the reasons why we went above and beyond the normal standard of materiality in our Second Quarter 10q to provide an update on things like cpi, on gap insurance, on hard holds, on ofak, a variety of different matters, because as ive encouraged our team, we need to make sure were more transparent to our stakeholders than weve ever been so going forward, has the scope of the internal audit function and external audit function been expanded relative to this problem . Its it has expanded and its been reorganized to reflect the reorganization weve done within our company i dont know the answer as to the number of folks from kpmg that cover us today, but my guess is theres more than there was a year ago and the year before thank you, mr. Chairman thank you, senator heitkamp thank you, mr. Chairman one of the most important things that we can accomplish here is to figure out whether we actually see and have a sense that there is a culture change at wells, mr. Sloan. And i have to tell you, ive been listening to the line of questioning, and i think anyone with an open mind would question whether we are actually seeing a culture change so let me kind of run through this senator warren asked you about the l. A. Times at the time that this story broke, and we can all acknowledge that the l. A. Times had a huge role in this, and you said, well, you didnt have evidence about that, so you didnt really respond to it but then once it became a bigger scandal, then were going to fix it so then we find out when we talk about, well, were going to fix it we now realize that this is a problem and theres been mistakes made. And then we find out after the we will fix it that there was knowledge of this problem years before the l. A. Times story, that upper management knew about this problem and thought that they had managed it and fixed it they didnt fix it okay then we fire employees, who open fake accounts. Saying they are the problem. Its this Community Bank problem, thats where the problem is but you also fired those who refused to play the game, and we know that that happened, because they have since participated in public discussions about how they tried to whistle blow on this and then again when we raise these issues you say trust us, were fixing it, and they come before this hearing, wasnt you, mr. Sloan, but come before this body, and say, wow, this is all you need to know we now have turned the corner and its all going to be okay. Only then to have this Insurance Scandal exposed. But now we hear were going to fix it so, okay, im like thats three times. You know, i know a little bit about baseball seems like you strikeout after three times of promising something you dont see, but what i want to say to you, because it goes back to your response to senator warren about the l. A. Times. In the course of just about 15 minutes here, you were told about an overdraft problem in the 11th circuit now, if i ran an organization, i would know if i were in the 11th circuit with the discussion on overdraft protection but you said you were not familiar that sounds familiar then you were asked about a legal position taken in utah about arbitration, which was in the media. You said, i dont know about that i would know about that if i were you i would know about that if i were you, especially coming before this body and then a National News story about wells fargo being involved in a wrongful repossession of a car, a news story that literally millions of people listened to, and youre not familiar with it. This is problematic for us, because we need to see that theres actually a culture change, that there is a reaction to these kinds of consumer failures and we dont really hear it here what we hear a lot of is, dont know, look into it, we really care about the customer. Now, i would assume that where we are right now is a lot of soul searching at the highest ranks. Soul searching at the highest ranks of wells fargo and correct me if im wrong, what i heard you keep saying is mistakes were made at the Community Bank, driven by wrongful incentives that were provided to the employees. Right . I have not heard you say other than taking responsibility for the incentives, i havent heard you say mistakes were made at the highest level of wells fargo. I mean, we can say, yes, weve lost a ceo and, yes, theres been some punishment, and, yes, were moving over, but the bottom line, i do not hear a level of culture change that satisfies me today and i think that that is something thats very problematic for wells fargo going forward, because im not familiar is not an answer we should be getting here it should be, yes, were aware of that, were fixing it and when we only hear im not familiar, we wonder what else were not familiar, and i would caution you when you say this is everything, thats what the last ceo told us. And then the Insurance Scandal broke. So, you know, its up to your board to figure out what they are going to do, but i hope you take these comments as constructive, because its not helpful for you to say youre not familiar senator, i appreciate your comments, and in my Opening Statement i was very clear that we take responsibility for the mistakes that weve made when i say we, i mean me im the ceo of this company. The buck stops with me every day. I apologize that im not familiar with every matter, but to the extent that im not, right, were going to follow up on all of those. As it relates to senator warrens comments, she asked me not if i was about the l. A. Times, she talked specifically about information at the l. A. Times provided and if i took action in that interview, they didnt provide me with any information, so i cant take action if the l. A. Times didnt provide having said that, we took action when that information got to the Senior Leadership team ive taken responsibility for the fact that we didnt take aggressive enough action thats why were making the fundamental changes that were making at wells fargo to make things right for our customers and our team members and all of our stakeholders, but having said that, senator heitkamp, i completely appreciate your frustration. I am angry about what happened at this company, and i pledge to you not only are we fixing it, but we will fix it [ inaudible you cannot segregate the top from the bottom, and it seems to me that when you say we, we didnt get any information from the l. A. Times, you shouldnt have had to have information from the l. A. Times. Should have read the story and said, is this true, lets go find out and we did. And we did well, you knew it was true, because you knew about this years before that. No, senator heitkamp, we didnt, and the board actually conducted an independent investigation where they looked at millions of documents they interviewed hundreds of people, and their conclusion was consistent with what ive said publicly here and elsewhere in the last year. And that is that the issues within the Community Bank were elevated to the leadership team, including me, in late 2013 we should have and could have taken more aggressive action i apologize for that weve taken that aggressive action right now to fix the things that are broken 2013 i think that we had a document going back to 2008, but ill have to hunt it up. I dont have it in front of me thank you, mr. Chairman. Senator cotton. Thank you, mr. Chairman mr. Sloan, welcome to the the committee. Another Heated Exchange between wells fargo ceo and one of the lawmakers hes testifying there. That was senator Heidi Heitkamp, democrat from north dakota, going after sloan for the cultural change and questioning whether there has been one about those bank account scandals, what he knew, when he knew it. Sloan answering those questions, of course, after senator Elizabeth Warrens tough questions to him, in which she told him that he should be fired. Our wilfried frost has been inside the hearing room listening, covering tim sloan from the very beginning, and covering this bank, wilfried whats your reaction yes, lets just recap some of the highlights of the hearing so far. As we just heard, tim sloans tried to focus his comments on some of the changes hes made since he was ceo, but most of the questions hes faced have focused on what he knew and what he didnt act upon in his time from 2011 to 2016 as ceo, head of the wholesale bank, then coo. Heres his initial response to what he knew then. In 2013 when the sales practices issues were elevated to the operating committee, i sat on that operating committee, youre absolutely correct, and my role at that time was cfo, it was elevated to that group, we took action, but in hindsight, senator, we took action that was insufficient, as i said in my Opening Statement. And im angry about how we handled the problems historically im disappointed in how we have done how we handled those, but the fundamental changes that ive made since weve been ceo are addressing the failings that the board report pointed out, our regulators point out, and the mistakes that i saw in my prior roles. Now, senator warren jumped on the fact of what he knew earlier before he was ceo, and directly quoted to mr. Sloan comments he had made as cfo on an Earnings Call in april 2011, and she landed a significant blow as she did it lets take a listen. In the april 2011 call, for example, i think ive marked that one, you said, i cant wait to get a credit card in every one of our credit the worthy customers wallets. Nothing about whether your customers wanted or needed a wells fargo credit card, all that mattered was opening new accounts of course, cross selling was central to this whole scandal when it erupted initially. I should say that later senator warren quoted something from july 2016, sloan pushed back against that, saying she was taking it out of context asked her to read more of the quote, which she didnt do either way, this was senator warrens conclusion. At best you were incompetent, at worst you were complicit, and either way, you should be fired. The hearing continues, sara, the stock price down about a percent today. All right, thank you very much for summing up some of the testy moments inside that wells fargo hearing. I want to take you back now to the house energy and commerce committee, where there is another Heated Exchange going on, this with Richard Smith, who stepped down as equifax ceo last week, in the hot seat taking questions. Second Board Meeting on the 25th, subsequent Board Meetings routinely, if not daily, in many cases through as recently as last week. Thank you, and my time as expired, mr. Chairman. Thank you very much the gentlemans time has expired and the chair now recognizes lady from california for five minutes. Thank you, mr. Chairman, and thank you, mr. Smith, for appearing here today as many of my colleagues have highlighted the events that led to this data breach and the actions that equifax management took after the fact are very upsetting. Seems Many Americans are in a place of breach fatigue, but this latest event that could potentially impact nearly half of all americans should light a fire under every Single Member here, and i think youve noticed that it has lit a fire we cannot follow the same script after the next inevitable data breach thats one of the reasons why i am also supporting congresswoman schakowskys secure and protect americas data act its not as though this type of legislation is unprecedented 48 states have implemented laws that require consumers to be notified of security breaches. Im pleased that my home state of california was the first state to pass this kind of notification law in 2002 today, if california residents personal data is hacked, state law requires they are notified in the most expedient time possible and without unreasonable delay we must act to ensure all americans are subject to protections like this at the federal level. Mr. Smith, because equifax, without doubt, has information on many california residents, the company is subject to the california data breach notification law can you please describe to me how equifax come pliplied with e state law . Were california residents notified of the breach as required congresswoman, i dont have the specific knowledge of the California Law i can tell you, though, that we worked as a team, including with our counsel, to help us ensure were doing what is right for the consumer and the most expedient manner as possible, so were aware of the requirements of the different state laws, i just dont have the specific knowledge as it relates to the state of california. So you also dent know, because the law requires equifax to supply a copy of the breach notification to the attorney general. You dont know whether this was done congresswoman, i do not, but we can have our team follow up through staff if that would be helpful. Okay. In the context of this breach, if data that you hold is about me, do i own it . Do i own my data could you please repeat the question in the context of this breach, if the data that you hold is about me, do i own it . Congresswoman, we are part of a federally regulated ecosystem thats been around for a long time, and its there to help consumers get access with their consent to credit when they want access to credit well, can you explain what makes data about me mine compared to what make it someone elses the intent, if you will, of the solution we have recommended, we implement and are going live with in january of 2018 is, in fact, to give you as the consumer through this lock product for life free the ability to control who accesses your personal information and who does not so at that point in time you believe that i can say i own my data, is that right . Youll have the ability to control who accesses and when they access your data. Okay. Could i ask you some further questions following along to what others have asked about credit locks and credit freezes . Now, limiting access to credit, even for a short amount of time, can have real financial consequences, especially for low income populations how quickly will a file be able to be locked and unlocked, and how will you ensure that speed congresswoman, thank you for that question. That is a great advantage of the product that were offering for free, versus the freeze, which again was came about in 2004 out of regulation. And there states dictate how quickly you can get access to freezing and unfreezing your file, and oftentimes that can take days, if not weeks, because were mailing data back and forth to the consumer. In this case, the intent is in january of 2018 on your iphone you can freeze and unfreeze your file instantly at the point you want it locked and unlocked. So, and i recall that one of my colleagues asked whether a credit lock is the same thing as a credit freeze and you said it was. Is that correct . As far as protection to the consumer, congresswoman, it is as far as ability to lock or unlock and freeze or unfreeze a lock is far more user friendly okay. So, you currently offer a credit lock product now, and you plan to offer this other one for free starting the end of january. And can you describe for me why you consider that would a lock be more economical for you, or would a freeze be im trying to get a sense of the difference, because i think there is a difference here if i may one more time to try to clarify as far as protection, they are the same the lock youre getting that we offer to consumers on september 7th gives you the same level of security youd get from a freeze or from the product thats going out in july january the difference is, the lock is browser enabled, januarys lock will be an app on an iphone. And secondly, instant on, instant off, versus the freeze or todays lock. Ive got more questions, but ive run out of time thank you. Thank you very much the gentleman from illinois is recognized for five minutes. Thank you, mr. Chairman sir, thank you for being here today. This is, obviously, a huge issue. 145 and a half Million People affected by this data breach, thats nearly half of all americans. Thats a failure on multiple levels its a failure to keep consumer personal information secure, its a failure to appropriately respond to a breach, and failure to notify the public and much more my constituents and the American People need not just answers, but they want assurances they are not going to be financially ruined by this i do want to make a quick point. Mr. Lujan asked if the people harmed by this would be made whole and you made a statement, and i understand theres probably some legal and technical reasons for this, but you said i dont know if consumers are harmed, were harmed i want to make the point that i think that idea that people are not harmed in this is ludicrous. Of course, they are going to be harmed, even if theres no financial harm that comes from them, just even having this information exposed is a massive deal, but i fear were going to see bigger repercussions from that mr. Smith, i was surprised to find out equifax initially included a requirement that consumers consent to a mandatory arbitration clause why did that happen . Why was that the beginning part of the rollout congressman, thank you for that question. I want to clarify. The Product Offering that went live on the service offered on the 7th was never intend to have that arbitration clause apply to this breach. It was the standard boilerplate clause as a part of a product. As soon as we learned that the boilerplate term was applied to this free service, i think it was within 24 hours we removed that and tried to clarify that that was a mistake one of the mistakes i eluded to in my oral testimony through the remediation product on september 7th. So does equifax require consumers to consent to arbitration with respect to any of its other products, and if not, is that information prominently disclosed to the consumer not as it relates to the breach, congressman. Well, the question is about what about any other products do you require consent to arbitration . Some of the Consumer Products we have theres an arbitration clause in there, standard clause whats the reason for that . I dont have that answer other than its a standard clause hopefully you can get that to me, that would be good your press release indicates the Company Found no evidence of unauthorized activity on equifaxs core consumer or commercial credit reporting databases. What are equifaxs core consumer and commercial credit reporting databases, and how are they distinct from the databases containing personal information thachs that was subject to the unauthorized theft congressman, the area that was impacted here was a consumer dispute portal the consumers would come in and dispute activity with us as separate than if you, congressman, talked about the credit file on their hand, that is separate from the core credit data that consumers have in our database so, in essence were there 145. 5 Million People at one point had disputed credit issues then, if that was the the portal they used, they could have been in that portal for multiple reasons, and we also by regulation have to keep data for extended periods of time in some cases sevenplus years, so its a lot of data for a lot of years, but its outside of the core credit file itself. Which company i guess kind of which Company Databases were accessed, but why wouldnt you consider that, then, maybe this is a change now after this, why wouldnt you consider that to be part of the core consumer commercial credit reporting databases . Just the way we define it the credit file itself is housed, managed, in a completely separate environment from a database that consumers come into directly. The core credit file itself is largely accessed by corporations, companies that we deal with, versus consumers. Okay, so i just want to make sure, and you have to forgive me, im not an i. T. Expert to get 145 Million Peoples records in only the dispute database, i guess im trying to figure out if you didnt really answer the question in terms of were there 145 Million People disputed at some time, or was there another entry somehow through that that went into other information. Maybe i dont understand the i. T. Part of this. The only entry was to the consumer dispute portal, and that is a completely separate environment than the credit file itself we also, as you might recall, has a lot of data for Small Businesses in america. That environment, which is part of the definition you were eluding to, was not compromised either okay. And lastly, are your core consumer or commercial credit reporting databases encrypted . We use many techniques to protect data encryption, tokenization, masking, encryption in motion, encrypting at rest to be very specific, this data was not encrypted at rest. This one, but your core is . Some, not all some data is encrypted, some tokenized, some in motion, some masked varying levels of security techniques that the team deploys in different environments around the business okay. Thank you, sir, i yield back thank you very much gentleman yields back. The chair now recognizes the gentleman from california for five minutes i thank the chair for holding this hearing mr. Smith, its my understanding that compromised information was due to an unpatched vulnerability in the web application framework apache struts besides the companys Online Consumer dispute resolution portal, does equifax have any other portals that use apache struts no, sir this was the environment that deployed struts. Okay, that was a simple answer we might need to restart my time in addition to equifaxs credit monitoring and reporting services, the company has equifax for business offerings, and in this capacity operates as a data broker. As a part of these services, the company collects large amounts of data about consumers without consumers having any knowledge of this happening. Was this information compromised in the breach . I think i understand your question, but could you repeat that one more time so i get it right . Youre familiar with the equifax for business offerings yeah, yes, so we do have Product Offerings and solutions for Small Businesses, mediumsized businesses, and Large Businesses across the country. Correct. Right was information from equifax for business also compromised in the breach no, congressman, it does not. Goes back to the question earlier part of what we call our core credit data it was not compromised were going to take you out of this hearing on the hill and show you a live picture of san juan nunez air force base about nine miles east of san juan, where the president has just arrived. Expected to get a briefing about the recovery in puerto rico. Hell meet with some individuals who have been impacted by the storm. Hell meet with the governor of puerto rico, governor of the u. S. Virgin islands, as well as military personnel 3. 4 million residents in puerto rico, a large portion of whom are still without gas, power, and water. And that briefing, contessa brewer, who joins us from san juan, will be attended by mayor cruz, who, of course, was critical of the president leading into last weekend. Yes, this is about saving lives, not about politics. This is what the mayor of san juan said about with the president today. She said open lines of communication are important. This is about saving lives, not about politics this is also about giving the people of puerto rico the respect we deserve in recognizing the moral imperative to do both there are a lot of desperate people on this island. They are desperate for food and water, medicine and gas, and today the governor of puerto rico said the situation is improving. They have got thousands of dod boots on the ground in puerto rico, hundreds of fema operatives out there and working out the logistics of how to move food and water into the most isolated places. They are still in many cases depending on airdrops of supplies into these places that are most isolated on the island. We drove the island. Its unclear how President Trump is going to be able to get a sense of the real magnitude of this damage by staying in the san juan metro area, and the governor said he doesnt have any clear details about whether the president is going to get a flyover of the island, whether hell be able to go out into some of these hard hit neighborhoods because certainly in areas of san juan life it coming back and people are having dinner at sidewalk patio cafes. We do know that the president is meeting with the governor of puerto rico, the mayor of san juan and the governor of the u. S. Virgin island who is coming here to meet him because of the logistical problem of getting to st. Thomas, st. John and st. Right now and those are islands still trying to get power back up and running after irma happen. They had two storms hitting the communities very hard. Still communities in puerto rico that dont have power postirma so its been weeks and weeks of this and now were being told, police are going out and telling people, look, its going to be months, if not a yore or more before you get power back, even with the massive response here, guys, and so the president is likely to get some taste of that have today the governor of puerto rico says he plans to ask for more money, and he says he wants the aid package to reflect the damage on this island and to be commensurate with what texas and what florida were seeing as well yeah, and that sort of brings us to the political controversy that, unfortunately, had to surround this, contessa, not just that not just that twitter battle with the mayor of san juan but also the fact that there was criticism around the president taking 18 days to waive the jones act which limited ships from bringing in relief supplies, the fact that he was tweeting all weekend about the nfl. In fact, lets just listen in. Reporter yeah, i mean, those tweet did not go over well down here thank you, mr. President. Welcome, mr. President. Thank you for everything. Welcome, mr. President. Welcome, mr. President. Thank you, sir. Great to see you does anybody recognize this person thank you for coming. I need this clear behind me now. Sir, were going to go this way over here. Thank you, maam. Sir, i know how this works. Thank you, maam thank you. Okay thank you. So clearly our shot was a little fuzzy there, and we were trying to get you some of the audio as we heard it on the ground a lot of people thanking the president and his wife, first lady melania, for being there. Contessa brewer, we were talking a little bit about the fact of the reaction on the ground to some of the reaction from President Trump to Puerto Ricans and just what they were processing and how they were feeling about it reporter yeah. I mean, the tweets did not go over well. I didnt talk to a Single Person on this island that was happy about the back and forth from twitter, and especially when he was calling into question the selfsufficiency of Puerto Ricans, they were out there clearing the roads, taking care of themselves, so didnt go over well here. Yeah. All right. Well watch that, the president in puerto rico today also want to take you back to this hearing going on the Senate Banking committee. Senator Elizabeth Warren back at it the firing at tim sloan, the ceo of wells fargo. Promising to spend 11. 5 billion in the next year buying back wells fargo stock youve made this public announcement you have that much extra money so, look, if you stick to your current plan, its clear that wells fargo employees making 30,000 or 40,000 a year are going to get screwed just like they got screwed in the fake account scandal before it was executives who demanded new accounts be produced at all costs, but it was 5,300 front line employees who paid for that with their jobs, and now that the fake account scandal has tanked wells fargos reputation your way of pumping up the bottom line and keeping wall Street Investors happy is to slash costs by firing lowlevel employees. You know, what happens in these cases, mr. Chairman, in these corporate scandals, its almost always the front line workers that pay the price, not the executives, and the only way were ever going to stop these scandals is to hold executives personally accountable, to fire the people who are responsible and when they break the law to march some of them out in handcuffs, and until we do that, these scandals are going to continue and working people are going to continue to take the brunt of it. Thank you, mr. Chair. Thank you senator, could i respond to that yes, as a matter of fact, im going to take my last word as the last questioning period. I am interested in what your answer would be to senator warrens statements and the assertions that she makes. I couldnt disagree more with almost everything that senator warren said. I think its inappropriate to take various statements out of context and multiply numbers and then apply them to people because then what youre saying, youre scaring people and thats inappropriate. When you look at wells fargo ive said first and foremost my commitment is to our 270,000 team members to make sure that they have got a safe place to do business in, to serve their customers, that they are paid fairly, and what those team members are saying to us, even in the midst of the fact that we have said that we need to become a more Efficient Organization is they like working at the company because our attrition is down. Its down to its lowest levels in years, and thats because they appreciate the fundamental changes that weve made, many of which, but not all of which, that weve talked about. We care about our team members thats why i spend a lot of my time going out and seeing them and talking to them and understanding how they are feeling about the company, and were making changes based upon what they tell us. Every other month i hold a town hall with one, two, 3,000 team members and ask them unscripted to give us suggestions weve implemented lots of their suggestions. We care about them, but at the same time i have an obligation as a ceo of this company to make sure that we keep other stakeholders happy, and that includes our shareholders who arent just wall Street Investors, but they are shareholders that are Pension Funds that support many retirees all across this company. 40 is k plans own our stock. Weve got on obligation to them so my job as ceo is to try to balance those appropriately and im working as hard as i can to accomplish that. All right well, thank you. And i want to just let our senators know that if they have additional questions they are due by next tuesday, and then, mr. Sloan, we generally ask that the witnesses respond to those questions as quickly as they can. Not knowing how extensive those questions will be, we cant give you the specific time line to that. Senator, if you want to set a deadline for us right now, wed be happy to live up to whatever deadline you set. We generally ask that the questions be responded to in one week from when they are received. We will respond in one week all right without anything further then, this hearing is adjourned. Thank you and that ends the Senate Banking hearing on wells Fargo Tim Sloan under enormous pressure from multiple senators, not just warren in this case, about the companys response before and after these credit accounts were made public by various journalistic outlets Heidi Heitkamp going after him about being uninformed about articles in the more recent history, but sloans response repeatedly has been were in the banking business and providing credit cards to qualified customers is what we do. In his words he said im not embarrassed about that. Just sort of ending on what he does and how he has outreach to his employees and cares about them and presents himself as a leader dont forget, john stumpf was the ceo at the time they found the scandal and he was brought in in an even tougher questioning over a year ago, but clearly sloan is still getting the questions, and the stock is a little bit lower this morning. Yeah. Market has been doing okay after the big gains yesterday. The dow is up for a fifth straight session. Better than okay. S p is looking for not just six straight but a rise in 14 of the past 17 sessions records on the transports, the dow, the s p. And the small caps have joined the party which is key as we look ahead potentially to tax reform. Let get over to the judge and the half. Baas all right. Carl thanks very much welcome to the halftime report. Well be covering the averages and the new highs along with the russell 2000 we also hope in the wake of the hearing on capitol hill, wells fargo Ceo Tim Sloan has just gotten off the hot seat that perhaps our wilfred frost will catch up with him as he makes his way down the hallway if that happens, well bring you the sound, if in fact were able to get any if you missed the hearing, there were several fiery exchanges yo