WASHINGTON - Today, House Science, Space, and Technology Committee Chairman Lamar Smith (R-TX) and House Oversight and Government Reform Committee Chairman Trey Gowdy (R-SC) sent a letter to Mr. Richard Smith, Chairman and Chief Executive Officer of Equifax Inc., requesting documents and a briefing related to their recent data breach, affecting as many as 143 million Americans.
The letter states:
"While the sensitive data stored by Equifax is undoubtedly a target for hackers,
Congress has a responsibility to ensure the {personally identifiable information (PII)} of all Americans is properly protected."
"Equifax holds a wealth of PII for tens of millions of Americans, providing credit checks that are a crucial part of the decision making process for home loans, credit cards, and obtaining jobs."
"...the federal government relies on major credit reporting agencies like Equifax to provide identity verification services. Now, the ability of Equifax to provide such services and secure PII has been called into question."
"To better understand the ramifications of the breach for consumers and the federal government, the delay by Equifax in publicizing the breach, and any mitigating steps being taken by Equifax, the Committees request a briefing by Equifax no later than September 28, 2017."
Click here for full text of the letter.
Background:
- In 2015, the Office of Personnel Management (OPM) disclosed a major data breach affecting over 22 million individuals. As a result, the Committees conducted oversight and held multiple hearings examining the OPM breach.
- The magnitude of the Equifax breach could potentially surpass the amount of information compromised by the OPM breach.
- Equifax reportedly first learned on July 29, 2017, hackers had been accessing the PII of as many as 143 million American consumers over the prior two months.
- On September 7, 2017 - nearly six weeks later - Equifax notified the public of the breach.
- The Committee on Science, Space, and Technology jurisdiction includes the standards of use for securing PII. The Oversight Committee has jurisdiction over how data breaches impact the federal workforce and national security.