WASHINGTON–Members of the Senate Finance Committee are demanding that Equifax answer questions regarding its massive data breach, including why three of its executives sold shares after the breach had been discovered.
For Equifax, the sale of stock by insiders is just one of several issues the company must now address since the breach, which affects as many as 143-million Americans, was announced. It has cancelled an initial requirement that consumers who signed up for its free ID theft protection waive their right to any class action litigation, and has had to respond to reports that it has been lobbying to weaken data security requirements.
The letter from the Senate Finance Committee was sent by Sen. Orrin Hatch (R-UT) and Ron Wyden (D-OR) requests that the company provide a timeline of the breach, including when the three Equifax executives, were notified of the problem. The three execs sold shares worth almost $1.8 million in the days after the breach was discovered, but before it was disclosed.
The Equifax breach was announced on Sept. 7, the same day the House Financial Services Committee was holding hearings on legislation that would reduce accountability for credit bureaus and other companies, including under the Fair Credit Reporting Act.
Now, according to the Wall Street Journal, the senators are examining more closely how Equifax and other companies have dealt with previous security breaches and about the company’s use of third-party security experts to test its systems — and whether they worked to fix any of the issues that were identified.
“The scope and scale of this breach appears to make it one of the largest on record, and the sensitivity of the information compromised may make it the most costly to taxpayers and consumers,” the senators’ letter states. “To make matters worse, Equifax is a critical partner of the Internal Revenue Service, Centers for Medicare & Medicaid Services, the Social Security Administration and other federal agencies that are the sources and recipients of the some of the most sensitive information affecting individuals.”
Equifax has until Sept. 28 to respond to the senators’ questions.
Meanwhile, Equifax spent at least $500,000 on lobbying Congress and federal regulators in the first half of 2017, according to its congressional lobbying-disclosure reports, the Wall Street Journal reported. “Among the issues on which it lobbied was limiting the legal liability of credit-reporting companies,’ the publication said.
The Wall Street Journal added that Equifax has also lobbied Congress and regulatory agencies on issues around “data security and breach notification” and “cybersecurity threat information sharing,” according to its lobbying disclosures.
Equifax hasn’t been alone. The other credit report companies, TransUnion and Experian, spent at least $128,000 and $690,000, respectively on lobbying in the year’s first half, the Journal said.