WASHINGTON - U.S. House Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) and House Oversight and Government Reform Committee Chairman Trey Gowdy (R-S.C.) today sent a bipartisan letter to Equifax Inc. requesting additional documents and information regarding the company’s data breach that affected more than 145 million Americans. The letter was co-signed by Science Committee Ranking Member Eddie Bernice Johnson (D-Texas) and Oversight and Government Reform Committee Ranking Member Elijah Cummings (D-Md.).

Today’s letter, which was sent to Equifax’s interim CEO Paulino do Rego Barros Jr., follows Chairman Smith and Chairman Gowdy’s September 14 letter to Equifax’s then-CEO Richard Smith that requested a briefing of committee staff by Equifax and a number of documents related to the breach.

The letter reads in part:

On September 14, 2017, the Committee on Oversight and Government Reform and Committee on Science, Space, and Technology initiated an investigation into the recent data breach of private consumer information at Equifax. We look forward to Equifax providing all documents in response to the five categories of requested materials in the September 14 request, as well as the requests that were made at subsequent Committee briefings.

As the Committees’ investigation continues and additional facts are established, the Committees anticipate making additional requests. The Committees appreciate the company’s willingness to cooperate with our requests for briefings and documents to date.

We have learned key facts through congressional testimony of Equifax officials, including former Equifax Chief Executive Officer Richard Smith when he testified the company’s “information technology personnel” failed to patch the vulnerability that was later exploited, and a scan of the company’s computer systems also failed to find the unpatched software.

To better understand the technical and process failures leading to the loss of over 145.5 million Americans’ personally identifiable information (PII), the Committees require additional information.

The letter can be found here.

Background:

  • In 2015, the Office of Personnel Management (OPM) disclosed a major data breach affecting more than 22 million individuals. As a result, the committees conducted oversight and held multiple hearings examining the OPM breach. 
  • The magnitude of the Equifax breach could potentially surpass the amount of information compromised by the OPM breach. 
  • Equifax reportedly first learned on July 29, 2017, that hackers had been accessing the PII of as many as 143 million American consumers over the prior two months.
  • On September 7, 2017 - nearly six weeks later - Equifax notified the public of the breach.
  • On September 14, 2017, Chairman Smith and Chairman Gowdy sent a letter to Equifax’s then-CEO Richard Smith requesting documents and a briefing related to the data breach.
  • The House Science, Space, and Technology Committee’s jurisdiction includes the standards of use for securing personally identifiable information. The House Oversight and Government Reform Committee has jurisdiction over how data breaches impact the federal workforce and national security.