October 04, 2017

Crapo Statement at Equifax Hearing

WASHINGTON – U.S. Senator Mike Crapo (R-Idaho), Chairman of the United States Senate Committee on Banking, Housing and Urban Affairs, today delivered the following remarks during a full committee hearing entitled: “An Examination of the Equifax Cybersecurity Breach.”

The text of Chairman Crapo’s remarks, as prepared, is below.

“This morning we will hear testimony from Richard Smith, former Chairman and Chief Executive Officer of Equifax, who held those positions until last week.

“I understand that you are now serving as an unpaid advisor to the company, and appreciate your willingness to testify about the events surrounding the breach and Equifax’s response while you were leading the company.

“Given the severity of this data breach, Congress will continue to examine the facts behind it and what can be done to prevent similar situations.

“Cybersecurity is one of the most pressing issues facing companies, consumers and governments alike, and is one of the biggest threats to our financial system.

“The amount of data that the private industry and the government collect and store is very concerning.  

“There is an intrinsic vulnerability in collecting and storing personal financial information, and we need to have a meaningful discussion on how to protect and limit access to it.

“The Banking Committee takes its oversight of credit bureaus seriously, as they are financial institutions under the Gramm–Leach–Bliley Act.

“Credit bureaus serve a critical function in our financial system and have become a daily part of every American’s life.

“Every day, these institutions intersect in people’s attempts to get credit cards, car loans, mortgages and other items.

“Consumers may know about their involvement in their lives, such as when they directly request a credit report, but sometimes they may not, like when a company requests a background check to determine their eligibility for a cell phone.

“The ability of Americans to easily access credit is one of the many things that make our economy and country the envy of the world.

“It is also why this breach is so shocking and concerning.

“Here is what we know based on information from Equifax:

“Equifax experienced a cybersecurity breach which potentially impacted more than 145 million U.S. consumers.

“The data that was taken included names, Social Security numbers, birth dates, addresses, and in some cases driver’s license numbers.

“In addition, credit card numbers for approximately 209,000 consumers and dispute documents with personally identifiable information for approximately 182,000 consumers were accessed.

“According to Equifax, the unauthorized access took place from mid-May through July 2017, with Equifax discovering the situation on July 29 and then finally cutting off the intruders.

“Here is what we need to know:

“Why did it take Equifax six weeks from the time it learned of the breach to tell the public, regulators and the 145 million American victims about it?

“Why were Equifax executives trading during this time?

“How strong were and are Equifax’s cybersecurity practices? 

“After the breach, what interactions did the company have with other credit bureaus and government agencies, in order to understand what - if anything - can be improved in terms of information sharing and mitigating consumer harm?

“Additionally, there are valid and important questions about the steps Equifax has taken to remediate customers and whether more needs to be done to minimize the potential harm to those affected.

“In an op-ed last week, your successor admitted that ‘answers to key consumer questions were often delayed, incomplete or both.’

“That same op-ed asserted that it is important to ‘give consumers the power to protect and control access to their personal credit data.’

“I look forward to having these questions answered, and exploring different options on how companies can better safeguard consumers’ information.”