In the world. Im convinced that the story helped me get the job at the post. American history tv all weekend every weekend only on former equifax ceo, richard smith, testified today before the House Financial Services committee. Its the fourth time hes been before lawmakers this week. Theyre looking into the equifax data breach, which exposed private information from nearly 146 Million People. All four hearings are available in our Video Library at cspan. Org. [ banging gavel ] the committee will come to order. Without objection, the chair is authorized to declare a recess of the committee at any time, and all members will have five legislative days within which to submit extraneous material to the chair for inclusion in the record. The hearing is entitled examining the equifax data breach. I now recognize myself for threeandahalf minutes to give an opening statement. September 7th, equifax announced what it called a, quote, Cyber Security incident at its business. That potentially affects 145 million u. S. Consumers. Nearly half of all americans. In other words, if you are hearing my voice, you are either the victim of the breach or you know someone who is. Thats how massive this breach was. The criminals got basically everything they need to steal your identity, open credit card accounts in your name, and cause you untold frustration and financial calamity. This may be the most harmful failure to protect private Consumer Information the world has ever seen. The companys response to this breach has left much to be desired. For weeks, equifax failed to disclose the breach to consumers and its shareholders. It provided confusing information about whether people were victims of the breach or not. And beyond belief, Senior Executives sold their equifax shares after the company knew of the breach and before the company disclosed the breach. I trust the Justice Department and Securities Exchange commission will get to the bottom of this. Clearly, action by the federal trade commission, the Consumer FinancialProtection Bureau and potentially other regulators is required. Congress must ensure that federal Law Enforcement and federal regulators do their jobs, so justice can be served and victims are made whole. We must thirdly examine if youre agencies and statutes like grammleachbliley, the fair Credit Reporting act and udap are up to the job. In this era of big data, largescale security breaches, unfortunately, are becoming all too common. By the increasing frequency and sophistication of cyberattacks, this clearly demands heightened vigilance and enhanced efforts to safeguard consumers. Protecting consumers, obviously, starts with requiring effective measures to prevent data breeches in the first place. Given the federal governments own poor track record when it comes to protecting personal information, witness the s. E. C. In the opm hacks as two recent examples. We must be cautious about attempts to never let a good crisis go to waste and impose a washingtonforce technology solution. That may be antiquated as soon as it is imposed. However, i do believe that we need to ensure we have a consistent National Standard for both Data Security and breach notification in order to better protect our consumers, hold Companies Accountable and assure that this affair does not repeat itself. Our committee passed such legislation nearly two years ago. The bipartisan Data Security act. The need to revisit that legislation and where necessary improve upon it should be obvious to all. The status quo is clearly failing consumers and leaving them extremely vulnerable. So i look forward to working with members of both sides of the aisle, and working with the administration to ensure that americans across the country will be protected and will no longer have to lose sleep over the kind of breaches that we are discussing today. I yield back the balance of my time. I now recognize the Ranking Member of the committee, the gentle lady from california, for three minutes. Thank you, mr. Chairman. The massive breach at equifax and the companys skubs eloquent failures are a lapse on a scale we have never seen before. Equifaxs failure to safeguard consumer data is all the more egregious because the impacted customers never chose to do business with equifax. And because of the broken Business Model of our countrys Credit Reporting agencies, these consumers cant end their relationship with equifax. They cant shop around for a better deal. Theyre literally stuck with this company. So im very interested in what equifax will do moving forward to provide full redress for all of those who have been harmed. I am also interested in why equifax has sent this committee a witness today without the authority to commit equifax to future action. The members of this committee need to hear not just about what has happened, but also about what equifax plans to do moving forward. So i already know that this hearing wont answer all of the questions that i and other members would like to know more. This is why Committee Democrats are requesting a minority day hearing to get more answers to the questions surrounding not only this breach, but also its impact on consumers and solutions for consumers moving forward. For example, i for one would like to make sure that Credit Reporting agencies do not inappropriately profit off of this incident by exploiting consumers legitimate fears. Now is not the time to focus on how to sell consumers more products. Now is the time to fix what has been broken. But this breach at equifax woeful response are just a tip of the iceberg. The whole Credit Reporting system needs a complete overhaul. Thats why i introduced hr3755, the comprehensive Consumer Credit reporting reform act. This legislation, among other things, shifts the burden of removing Credit Report mistakes to Credit Reporting agencies and away from consumers. And my bill would also shrink the importance of Credit Reports in our lives by limiting the use of Credit Reports and employment checks and limiting when cras can collect information on consumers. Its time to end the stranglehold that equifax, transunion and experian have on our consumers lives. Mr. Chairman, i yield back. The gentle lady yields back. The chair now recognizes the gentlemen from missouri, mr. Luetkemeyer, the gentleman of our Financial Institution subcommittee, for oneandahalf minutes. Thank you, mr. Chairman. Mr. Smith, i know you right here. There we go. Theres a lot of us to try and keep track of, right . I know you sat before several committees this week, and i trust you heard the anger from congress and the American People. This is not just incompetence on the part of you and your company, but also for law and for consumers. There was a failure on the part of you, your board and your senior management. And your failures have impacted more than onethird of the American People. Whats most egregious to me is that the American Peoples data had potentially been compromised had to wait more than a month to find out about it. The public the American Public deserves better. They deserve prompt notification so they can safeguard their identity. They deserve a system that effectively and efficiently notifies them, not one slowed down because of turf wars, regulatory complex or fear of litigation. I believe its now time to move forward. And we need to find solutions to this problem. I hope that the one good thing that comes from this yet another major data breach is that the American Consumers can finally get a system that works for them. I chair the Financial Institutions subcommittee that is going to have oversight over this data breach, and as security informational type of bill. And i can assure you, were going to try and look very thoroughly at this incident, as others, to find ways to protect the American Consumers. Mr. Chairman, with that, i yield back. The gentleman yields back. The chair now recognizes the gentleman from missouri, mr. Clay, the Ranking Member of the Financial Institutions subcommittee for one minute. Apparently he is not here. We then will go to the gentleman from michigan. Also appears not to be here. The gentleman from minnesota is mr. Mr. Ellison is recognized for one minute. Well, id like to thank the chair and Ranking Member for this important hearing. A lot has been said about the Equifax Breach. And a lot of the same things will be repeated today. But theres a few things that i think weve got to bear in mind. One is that equifax and two other big players in this industry of Credit Reporting dominate basically the whole field. As members of this committee know, ive been quite concerned about market concentration. I believe equifax is just too big. It needs to be reduced in size. We need to increase competition. And if equifax had to worry about a real competitor, i believe they would be better at safeguarding the data of consumers. It is the fact that markets have concentrated so high that basically other than transunion and experian, you know, equifax doesnt have to worry about much of any other kind of competition. That they can be lax with the data of people. I will look forward to the gentleman talking about some issues that i think are very important. I know that theres been some movement in the area of well, ill ill leave that to the rest of the questions. Time for the gentleman has expired. The chairman now recognizes the gentle lady from new york, miss maloney, for one minute. Mr. Smith, equifax was not just a breach of security. It was not just a massive, huge database breach. It was a breach in the trust of the American People in your company. We have the best markets in the world. And i believe that our markets run more on trust than it does on capital. So a breach of trust is something our markets cannot tolerate. And i join my colleagues in being committed to finding procedures Going Forward that this does not happen again. And that the law is enforced against those who breach and break the law. The time of the gentle lady is expired. Today well receive the testimony of mr. Richard smith, who is former ceo and chairman of equifax and adviser to the interim ceo. Prior to september 26th of this year, mr. Smith had been the chairman and chief executive officer at equifax since 2005. Before joining equifax, mr. Smith held various management positions at general electric, where he worked for 22 years. Without objection, the witnesss written statement will be made part of the record. Mr. Smith, you are now recognized for five minutes to give an oral presentation of your testimony. Thank you. Thank you. Thank you, chairman hensarling, Ranking Member waters and the honorable members of the committee. Thank you for allowing me to come before you today to testify. Again, i am rick smith. And for the past 12 years, i have had the honor of serving as chairman and ceo of equifax. Over the past month or so, ive had the opportunity to talk to many American Consumers and read their letters. Those impacted and not impacted alike and understand their anger and frustration that we have caused at equifax. This criminal attack on our data occurred on my watch. And i take full responsibility for that attack as the ceo. I want every american and everyone here to understand that i am deeply apologetic and sorry that this breach occurred. And that i also want the American Public to know that equifax is committed to dedicate their energy and time Going Forward to making things right. Americans have a right to know how this happened, and today im prepared to testify about what i learned and what i did about this incident while ceo of the company. And also what i know about the incident as a result of being breached by the companys ongoing investigation. We now know that this criminal attack was made possible by a combination of a human error and a technological error. The human error involved a failure to apply a patch to a dispute portal in march of 2017. A technological error involved a scanner that failed to detect a vulnerability on this particular portal that had not been patched. Both errors have since been addressed. On july 29th and 30th, suspicious activity was detected. We followed our security Incident Response protocol at that time. The Team Immediately shut down the portal, and they began their internal security investigation. On august 2nd, we hired top Cyber Security forensic and legal experts. We also notified the fbi. At that time, we did not know the nature or the scope of the incident. It was not until late august that we concluded that we had experienced a major data breach. Over the weeks leading up to september 7th, our team continued working around the clock to prepare to make things right. We took four steps to protect consumers. First, determining when and how to notify the public relying on the advice of our experts that we needed to have a plan in place as soon as we announced. Number two, helping consumers by developing a website, staffing up massive call centers and Offering Free Services not only to those impacted, but to all americans. Number three, preparing for increased cyberattacks, which were advised or common after a Company Announces a breach. And finally, number four, continuing to coordinate with the fbi and their criminal investigation of the hackers. Or at the same time, notifying federal and state agencies. In the rollout of our mediation program, mistakes were made for which i am, again, deeply apologetic. I regret the frustration that Many Americans felt when our websites and our call centers were overwhelmed in the early weeks. It is no excuse, but it certainly did not help that two of our larger call centers were shut down due to hurricane irma. Since then, however, the company has dramatically increased its capacity. And i can report to you today that we have had over 420 million u. S. Consumers visit our websites and that our call times or wait times at the call centers have been reduced substantially. At my direction, the Company Offered a broad package of services to all americans. All of them free, aimed at protecting the consumers. In addition, we developed a new Service Available on january 31st of 2018 that will give all consumers the power to control access to their credit data by allowing them to lock and unlock access to their data for free, for life. Putting the power to control access to credit data in the hands of the American Consumer. Im looking forward to discussing as much detail as you would like of that Service Offering during my testimony. As we all painfully learned, Data Security is a National Security problem, putting consumers in control of their credit data is a First Step Towards a longterm solution to the problem of Identity Theft. But no Single Company can solve the larger problem on its own. I believe we need a private Public Partnership to evaluate how best to protect americans Going Forward. I look forward to being a part of that dialogue. Chairman hensarling, waters, members of the committee, thank you for letting me speak today. Ill close by saying i am sorry again that this breach occurred on my watch. On a personal note, i want to thank the many hardworking and dedicated employees that ive worked with so tirelessly over the past 12 years. Equifax is a very good company. With thousands of great people trying to do whats right every day. I know they will continue to work tirelessly, as we have over the past few months, to right the wrong. Thank you. Mr. Chairman, point of order . The gentleman from california will state his point of order. I would request that the witness be sworn. It has not been the practice of the committee to swear in witnesses. As you know, the witness has to find before coming here that the testimony will be truthful. That should be sufficient. Chair yields himself five minutes for questions. Mr. Smith, i know this is your fourth appearance before congress. But i think you know, it speaks to the gravity of the situation. The number of our constituents impacted. And frankly, the number of Committee Jurisdiction lines that this crosse