Equifax CEO formally called to testify before Congress

The CEO of the credit reporting company at the center of a massive cybersecurity scandal has been called to testify before congressional lawmakers at the beginning of October.

Republicans on the House Energy and Commerce Committee sent a letter to Equifax CEO Richard Smith on Wednesday formally requesting his testimony before members of the committee on October 3.

{mosads}Smith will testify before members of the subcommittee focused on digital commerce and consumer protection. He had already agreed to testify before the lawmakers, but the letter represents a formal notification of his invitation to appear before the committee. 

Equifax, one of the three major credit bureaus in the United States, has been under fierce scrutiny since disclosing a data breach that exposed personal information on as many as 143 million Americans to hackers. 

Rep. Greg Walden (R-Ore.), chairman of the committee, announced last Friday that he would hold a hearing on the breach after receiving a briefing from Equifax. The company disclosed the breach on Thursday, opening Equifax up to questions and criticism from lawmakers on Capitol Hill. 

“We look forward to hearing directly from Mr. Smith on this unprecedented breach that has raised serious questions about the security of consumers’ personal information,” Walden and Rep. Bob Latta (R-Ohio), chairman of the subcommittee, said in a joint statement on Wednesday.  

“We know members on both sides of the aisle appreciate Mr. Smith’s willingness to come before the committee and explain how our constituents might be impacted and what steps are being taken to rectify this situation,” they said. 

The House Financial Services Committee is also planning to hold a hearing on the Equifax data breach. Additionally, lawmakers in both parties have sent letters to Equifax demanding more information about the scope of and circumstances surrounding the breach. 

The company says hackers gained unauthorized access to Social Security numbers, birth dates and other personal information on U.S. consumers for more than a month before the breach was discovered on July 29.