Equifax CEO called to testify to Congress as the company is likened to Enron

Equifax facing multiple investigations

Richard Smith, the CEO of credit reference agency Equifax, which spilled some 143 million records in a hack disclosed on Thursday last week, has been formally called to give evidence before a Congressional committee next month.

Smith will testify before members of the subcommittee focused on digital commerce and consumer protection to explain the breach that has left half of American households wide open to identity theft.

Not only that, Congress will also want to know why the company only offered a year of 'free credit monitoring' to people affected and, in the small print, obliged them to waive away their legal rights to sue the company if they accepted the paltry offer.

The spilt data included not only names and addresses, but also the all-important social security numbers that the US government uses to identify individuals, numbers that are also used by the financial services sector in the US for the same purpose.

"We look forward to hearing directly from Mr. Smith on this unprecedented breach that has raised serious questions about the security of consumers' personal information," said representatives Greg Walden and Bob Latta in a joint statement, chairman of the House Energy and Commerce Committee and chairman of the subcommittee focused on digital commerce and consumer protection respectively.

The statement continued: "We know members on both sides of the aisle appreciate Mr. Smith's willingness to come before the committee and explain how our constituents might be impacted and what steps are being taken to rectify this situation."

It won't be the only congressional committee that Smith will be required to testify to. The House Financial Services Committee is also planning to hold a hearing on the Equifax data breach, while the US Federal Trade Commission has also announced that it is investigating.

At the same time, the company has been peppered with demands from representatives and senators to explain itself and the circumstances behind the breach.

Equifax yesterday confirmed that an unpatched flaw in the Apache Struts Web Framework was to blame for the breach, which is believed to have started in mid-May and only discovered at the end of July. Furthermore the company only publicly disclosed the breach last week.

That disclosure has raised questions over lackadaisical IT and security practices at the company, which holds vast databases of sensitive personal information.

Senate Democratic leader Chuck Schumer even compared Equifax to Enron, the multi-billion dollar energy trading company which blew up in 2001 amid allegations of accounting fraud.

"It's one of the most egregious examples of corporate malfeasances since Enron," said Schumer, adding that Equifax's treatment of consumers was "disgusting" while describing the company's incompetence in protecting people's data as "deeply troubling".