Former Equifax CEO says response should have been better

Former Equifax CEO says response should have been better
This July 21, 2012, file photo shows signage at the corporate headquarters of Equifax Inc. in Atlanta. Credit report company Equifax said Monday, Oct. 2, 2017, that an additional 2.5 million Americans may have been affected by the massive security breach of its systems, bringing the total to 145.5 million people who had their personal information accessed or stolen. (AP Photo/Mike Stewart, File)

The former chairman and CEO of Equifax says the challenge of responding to the concerns of tens of millions of consumers in the wake of a massive data breach proved overwhelming, and regrettably, his company made mistakes.

In prepared congressional testimony to be given Tuesday, Richard F. Smith outlines steps the credit reporting company is taking to regain the nation's trust. His appearance before a House subcommittee Tuesday morning is the first of several he'll be making over the course of the week before House and Senate panels reviewing a data breach that affected an estimated 145 million Americans.

In his testimony, Smith is offering apologies, an explanation of how the company allowed the hacking to occur and what it's doing to limit the damage for consumers whose personal information, including Social Security numbers, birthdates and addresses, was stolen.

Smith said the company's call centers were overwhelmed after the breach was announced on Sept. 7.

"Many needlessly waited on hold or were otherwise unable to have their questions answered through the call centers, which I deeply regret," Smith said in his prepared remarks.

Equifax had 500 customer service representatives dedicated to customers before the breach. Adding to the company's woes, two of the larger call centers in Florida were forced to temporarily close during Hurricane Irma. Now, the company has more than 2,500 customer service employees on duty and that number is growing, Smith said.

The company has also put in place a support package that includes free credit file monitoring, identity theft insurance and a credit lock that restricts access to a consumer's credit report without their permission. A service that will be available by Jan. 31 will allow consumers to lock and unlock their credit files repeatedly, for free, over the course of their lifetime.

Looking ahead, Smith said "this humbling experience has crystalized" the need for an industry standard that places access to credit data in the hands of the consumer. He said the company's lifetime lock program should become the industry standard. Second, he said the country should begin discussing the replacement of Social Security numbers as the primary means to verify a consumer's identity.

"It is time to have identity verification procedures that match the technological age in which we live," ''Smith said.

Lawmakers are expected to grill Smith about why it took the company so long to notify the public after he was informed of "suspicious activity" on July 31. In his prepared remarks, he is apologetic and said the millions affected are not just numbers in a database, but friends, family, neighbors and members of his church. He said accountability "starts at the top" and that was why he decided to step down as CEO and retire.

"Equifax was entrusted with Americans' private data and we let them down," Smith said.

The House subcommittee holding the hearing has jurisdiction over e-commerce and consumer protection issues.

Explore further: Former Equifax chairman apologizes for data breach