Senator To Ex-CEO: Equifax Can't Be Trusted With Americans' Personal Data Republicans and Democrats alike are upset about the massive hack of Social Security numbers and other sensitive information at the consumer credit reporting company.
NPR logo

Senator To Ex-CEO: Equifax Can't Be Trusted With Americans' Personal Data

  • Download
  • <iframe src="https://www.npr.org/player/embed/555651379/555796381" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Senator To Ex-CEO: Equifax Can't Be Trusted With Americans' Personal Data

Senator To Ex-CEO: Equifax Can't Be Trusted With Americans' Personal Data

  • Download
  • <iframe src="https://www.npr.org/player/embed/555651379/555796381" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

DAVID GREENE, HOST:

Senators, pretty angry senators, had some tough questions for Equifax yesterday. The heat was really on the CEO who just resigned. As NPR's Chris Arnold reports, Republicans and Democrats alike are upset about the massive hack of Social Security numbers and other sensitive information, one of the worst data breaches in American history.

CHRIS ARNOLD, BYLINE: The hack affected more than 145 million Americans - that's nearly half the U.S. population - and it happened because the company failed to act on warnings from the Department of Homeland Security to fix a software problem leaving it vulnerable to a breach for more than two months. That's what allowed the hackers to break in. Democrat Sherrod Brown told former CEO Richard Smith...

(SOUNDBITE OF ARCHIVED RECORDING)

SHERROD BROWN: This simply is not a company that deserves to be trusted with Americans' personal data. Your actions have exposed over half the country's adults to financial harm.

ARNOLD: This catastrophic data breach has lawmakers taking a close look at the entire credit-monitoring industry. Both Republicans and Democrats are calling cybersecurity experts to discuss legislation, and in the hearing, Republicans were landing some verbal blows on Smith, too. Republican John Kennedy of Louisiana raised a series of questions about Equifax's basic business model.

(SOUNDBITE OF ARCHIVED RECORDING)

JOHN KENNEDY: You collect my information without my permission. You take it along with everyone else's information and you sell that information to businesses. Is that basically correct?

RICHARD SMITH: That's largely correct.

ARNOLD: Kennedy said he didn't have a problem with businesses making money, but he took issue with an Equifax data-monitoring service which he said basically charges people to make sure the data Equifax collects on them isn't full of mistakes.

(SOUNDBITE OF ARCHIVED RECORDING)

KENNEDY: I mean, I don't pay extra in a restaurant to prevent the waiter from spitting in my food.

ARNOLD: Democratic Senator Elizabeth Warren zeroed-in on another way that Equifax makes money.

(SOUNDBITE OF ARCHIVED RECORDING)

ELIZABETH WARREN: In August, just a couple of weeks before you disclosed this massive hack, you said - and I want to quote you here - "fraud is a huge opportunity for us. It is a massive, growing business for us."

ARNOLD: In fact just a few days ago, the IRS agreed to pay Equifax for fraud prevention services. That struck Senator Kennedy as a little odd.

(SOUNDBITE OF ARCHIVED RECORDING)

KENNEDY: You realize to many Americans right now, that looks like we're giving Lindsay Lohan the keys to the mini bar.

SMITH: I understand your point.

ARNOLD: Elizabeth Warren said the incentives in the industry are out of whack. Equifax makes money selling credit-monitoring and fraud prevention services. It works through other businesses to do that, too, and has contracts with the government, and this massive hack means there'll be more demand for fraud prevention. So, she said, it's no wonder that the company didn't guard people's data more closely.

(SOUNDBITE OF ARCHIVED RECORDING)

WARREN: Look, you've got three different ways that Equifax is making money, millions of dollars, off its own screw-up.

ARNOLD: Equifax is offering free credit-monitoring for one year, but then people will have to pay to keep that service. Warren did some math and said that if just a small fraction of the people who already signed up for the free service stick with it and pay for just one year...

(SOUNDBITE OF ARCHIVED RECORDING)

WARREN: That's more than $200 million in revenue for Equifax because of this breach.

ARNOLD: Then there's the issue of Equifax executives who sold the company's stock before the hack was made public. Montana Democrat Jon Tester.

(SOUNDBITE OF ARCHIVED RECORDING)

JON TESTER: You had a hack. You told the F - the FBI about the breach. On that same day, high-level execs sell $2 million worth of stock.

ARNOLD: That didn't seem to be passing Tester's sniff test.

(SOUNDBITE OF ARCHIVED RECORDING)

TESTER: This really stinks. I mean, it really smells really bad.

ARNOLD: For his part, Smith defended the executives, saying to the best of his knowledge they did not know about the breach when they sold the stock.

(SOUNDBITE OF ARCHIVED RECORDING)

SMITH: These are honorable men who followed the protocol that was outlined by the organization.

ARNOLD: Lawmakers also raised questions about how much money Richard Smith stands to get as he retires. Democrat Brian Schatz.

(SOUNDBITE OF ARCHIVED RECORDING)

BRIAN SCHATZ: You leave with your base salary, unvested options and a pension roughly valued at $90 million. Do you think that's fair?

ARNOLD: Smith first said he wasn't sure that was the right amount, but then responded...

(SOUNDBITE OF ARCHIVED RECORDING)

SMITH: I've been fortunate. I've worked hard. And I don't set those compensation levels. The board does. The board's elected every year.

ARNOLD: It's unclear whether the board will move to reduce or claw back any of Smith's compensation. Chris Arnold, NPR News.

Copyright © 2017 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.