Equifax chief executive Richard Smith has called the cybertheft of 143 million consumer credit files "the most humbling moment" in the company's history.
Clearly, Mr. Smith has not faced the wrath of the U.S. Congress. At least five Senate and House committees want a piece of the CEO and his company amid growing concern about the damage caused by the massive security breach.
Fasten your seat belt, Mr. Smith: It is about to get much worse. You better be getting intensive crisis-management training, including lessons in how to keep your composure while taking a verbal flogging on live TV. Mr. Smith will be lucky if the reception he gets on Capitol Hill and from regulators is merely "humbling."
Rob Carrick: A $500,000 lesson in how to fight identity theft
Other executives who have gone down this path before have not fared well. Remember Wells Fargo CEO John Stumpf, United Airlines' Oscar Munoz, Turing Pharmaceuticals' Martin Shkreli and Enron's Jeff Skilling? Mr. Stumpf was forced into early retirement after failing to show enough contrition over the bank's shady sales practices. Mr. Munoz remains CEO of United, but won't become chairman, as planned, after defending the forced removal of a passenger from a plane. Mr. Shkreli will serve time following a fraud and conspiracy conviction. Mr. Skilling is already there.
Equifax's Mr. Smith, CEO since 2005, has apologized to the roughly half of Americans and untold number of Canadians affected. The company is offering free credit monitoring and identity-theft protection to anyone who wants it.
That won't keep the wolves at bay for long. Even some Republicans, who have spent years trying to unwind Wall Street regulations, are muttering about much stricter oversight of credit bureaus. A handful of Democrats want someone to go to jail amid reports that three Equifax executives cashed in nearly $2-million (U.S.) in stock before the company disclosed the breach.
Equifax is in deep trouble, and so are the many lenders who shared customer credit information with the company. Its raison d'être is to collect and store highly sensitive personal financial data, and it failed miserably.
The U.S. Federal Trade Commission has launched an investigation, and there are whispers the FBI may also be looking into the matter. New York Attorney-General Eric Schneiderman has opened a probe. Equifax is facing dozens of class-action lawsuits, including at least one in Canada. And its shares have lost nearly 50 per cent of their value.
Allegations of insider trading may be just the start. Equifax was painfully slow to identify the breach (10 weeks), and then to make it public (another six weeks). And in the months leading up to the breach, the company was actively lobbying Congress and various federal agencies to ease up on regulation of the credit-reporting industry, including limiting its legal liability.
If some good comes out of this mess it will be a pile of new regulation and oversight for an industry that has operated in the shadows of the financial services industry for too long.
Most consumers don't have a direct relationship with Equifax. But Equifax and credit-bureau competitors TransUnion and Experian know a staggering amount about us thanks to the information shared by lenders, credit-card companies and other financial institutions. The theft – of names, birth dates, driver's licences and social security numbers – may be the largest ever, affecting as much as half the U.S. population and an unknown number of Canadians.
Consumers have long complained about how difficult it is to get credit agencies such as Equifax to correct mistakes on their credit records. The data breach suggests the company was more preoccupied guarding the front door than keeping those sensitive records out of the hands of hackers.
For all the outrage in the United States, Canadian politicians have been conspicuously quiet. On Friday, the Office of the Privacy Commissioner of Canada said it has opened an investigation into the the Equifax data breach after receiving complaints and dozens of calls from concerned Canadians. Equifax has acknowledged that hackers may have stolen "limited personal information" from some Canadians, but have provided no specifics.
It's hard to imagine the fury that awaits Mr. Smith in the coming weeks and months. Democratic Senator Elizabeth Warren – a long-time crusader for better consumer protection – and other U.S. lawmakers are already dialling up their outrage.
Politicians should be doing the same in Ottawa.