Letter to Mr. Richard F. Smith, Equifax CEO - Demanding Answers from CEO on Data Cyber Breach

Letter

Dear Mr. Smith:

We write regarding the data breach at Equifax. As one of the three major U.S. credit bureaus, Equifax hosts the sensitive personal information of millions of Americans, such as Social Security numbers, birth dates, and driver's license numbers.

On September 7, 2017, Equifax announced its computer systems had been breached between mid-May and July of this year. Although the data breach was discovered on July 29, Equifax waited six weeks before informing the public. The delay may have further exposed affected consumers by not allowing people to pursue mitigative measures as soon as possible. Equifax has an obligation to safeguard the sensitive information of consumers and notify individuals in a timely manner when their information has been compromised.

Reports indicate hackers utilized a vulnerability on the Equifax website to obtain the sensitive information of up to 143 million Americans -- more than half of the country. Per news reports, the credit card information of 209,000 Americans was compromised. Please explain what factors affected Equifax's decision to delay the announcement of the intrusion.

Also of concern, three senior Equifax executives sold company shares worth a combined $1.8 million a few days after discovery of the breach but before the public was notified of the cyberattack. Equifax has alleged the senior executives were unaware of the breach. If this statement is true, why were the three individuals -- including the Chief Financial Officer -- not notified given their prominent role within the company?

We are troubled by the wide scope of this data breach and Equifax's response to this serious matter. Due to this cyber incident, our constituents are potentially exposed to criminal activity, such as identify theft. Therefore, as representatives for many of those affected by the breach, we respectively request a detailed response to our concerns.