:format(webp)/cdn.vox-cdn.com/uploads/chorus_image/image/56969669/Screen_Shot_2017_10_03_at_10.25.30_AM.1507038537.png)
Former Equifax CEO Richard Smith is set to head to Capitol Hill this morning for U.S. lawmakers’ first hearing into a massive security breach at the company that has affected roughly 145 million Americans.
Smith, who retired from the credit-reporting agency last week, plans to accept responsibility for the incident, which compromised consumers’ names addresses, brith dates and Social Security numbers, and for some, their credit-card data, too. And he’ll acknowledge in testimony that Equifax “failed to prevent sensitive information from falling into the hands of wrongdoers.”
“The people affected by this are not numbers in a database,” the former executive intends to say. “They are my friends, my family, members of my church, the members of my community, my neighbors. This breach has impacted all of them. It has impacted all of us.”
Despite his apology, Smith is sure to face a full grilling from lawmakers on the House Energy and Commerce Committee -- the first of two congressional panels that are probing who’s behind the breach, the full slate of Americans who have been affected and whether Equifax should have adopted stronger security safeguards well before the incident occurred.
Some in Congress have criticized Equifax for charging consumers who sought to freeze their credit reports in the wake of the intrusion. Others have focused their ire on a series of stock trades made by Equifax executives before the company publicly revealed it had fallen victim to a major security crisis.
And still more lawmakers could press Equifax for steering breach victims to a website that promoted its own identity-theft products and services. That site, at least for a time, included language that appeared to suggest consumers could not join class-action lawsuits. Smith, for his part, plans to tell the committee today that the provision “was never intended to apply in the first place.”
Smith, personally, could face scrutiny for collecting a $90 million retirement package, despite the breach. The hearing itself comes hours after Equifax admitted that an additional 2 million consumers had been affected by the cyber intrusion.
This article originally appeared on Recode.net.
