"Humbled" Equifax CEO Explains Why Company Hesitated To Disclose Massive Data Breach

Two days after Equifax revealed that hackers had stolen the sensitive information of more than 143 million customers, prompting a deluge of lawsuits from outraged consumers alleging everything from negligence to outright fraud, the credit-security company’s CEO Richard Smith has chosen the op-ed pages of USA Today – America’s largest circulation newspaper – as the venue for a platitude-laden apology that we imagine will provide scant comfort to individuals who are now having their identities “repurposed” for all manner of nefarious purposes.

“This is the most humbling moment in our 118-year history,” Smith wrote “…because of the concern and frustration this incident has created for so many consumers.”

However, Smith deserves some small measure of credit for addressing the most pressing question, and what is tantamount to the company’s defense against the lawsuits alleging securities fraud. Following disclosures that several of the company’s executives, including its CFO, exercised options and sold stock worth $2 million in early August, just days after the company said it first learned about the breach. Previously, a company spokesperson said that the executives who cashed out had no knowledge of the breach.

Aside from the deluge of lawsuits, the company will probably face several federal investigations. Inquiries led by at least two Congressional committees appear likely. The public outrage has prompted lawmakers, including Virginia Democrat Mark Warner, to demand that the FTC pursue an investigation. On Monday, the Senate Committee on Finance sent a letter to Equifax demanding information about the data breach. Jeb Hensarling, the top Republican on the House Finance Committee, has indicated that his committee might make a similar request.

Richard Smith

But the most strident denunciation from Washington has come from none other than North Dakota Senator Heidi Heitkamp, a Democrat who sits on the Senate Banking Committee, who demanded that prosecutors pursue a criminal investigation, and that "somebody needs to go to jail."

Smith said the company hesitated to disclose the breach because it had hired a cybersecurity firm to conduct an investigation, and was waiting on the results.

“Equifax Security first discovered the intrusion on July 29. Understandably, many people are questioning why it took six weeks to report the incident to the public. Shortly after discovering the intrusion, we engaged a leading cybersecurity firm to conduct an investigation.


At the time, we thought the intrusion was limited. The team, working with Equifax Security personnel, devoted thousands of hours during the following weeks to investigate."

Meanwhile, Smith says the company’s top priority is assisting affected consumers:

“Our top priority is doing everything we can to support affected consumers. Our team is focused on this effort, and we are engaged around the clock in responding to millions of inquiries from consumers. Importantly, outside investigators found no evidence of unauthorized activity on our core consumer or commercial credit reporting databases.”

Smith added that the company accepts responsibility for the breach, and that it was working to do whatever it can to assist customers who’s data have been compromised.

“Consumers and media have raised legitimate concerns about the services we offered and the operations of our call center and website. We accept the criticism and are working to address a range of issues.


We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again. We will make changes and continue to strengthen our defenses against cyber crimes. We will make sure every consumer who wants protection has a full package of services. And we will continue to update everyone on our progress.”

Unfortunately for Equifax, its attempt to mitigate this ongoing public relations disaster was foiled by the USA Today editorial board, who positioned on the page opposite Smith’s missive an official editorial blasting the company’s handling of the breach, accusing it of “[bungling] just about every attempt to remedy the mess.”

In what’s perhaps the editorial’s most gratifying snippet, the editorial board argue that consumers can be excused for being hard on Equifax.

“It's hard to give Equifax the benefit of the doubt, considering that the credit reporting agencies don't give you the benefit of the doubt if you paid your mortgage late one month five years ago because your kid was in the hospital.


Nope, that's just a black mark on your credit scores, which affect your ability to secure a loan, get a job or rent an apartment.”

Like they say, what goes around, comes around.