Sending Office: Honorable J. Luis Correa
Sent By:
Alejandro.Renteria@mail.house.gov

Dear Colleague,

I invite you to sign onto my letter to Equifax expressing concern about the wide-scope breach of its computer systems and its response
to the intrusion.

 

As you know, recent news reports indicate that hackers exploited a vulnerability on the Equifax website to secure the sensitive
information (e.g. Social Security numbers, birth dates) of up to 143 million Americans. Despite knowing of the breach in July 2017, Equifax did not disclose the cyberattack until six weeks later. The delay in notifying affected consumers further risked exposing
them to criminal activity. Additionally, during that timespan, three senior Equifax executives sold their shares for a combined $1.8 million. Per the company, the individuals were not aware.

 

Please join me in expressing concern to Equifax about the data breach, its failure to disclose the intrusion in a timely manner,
and the impropriety of the sale of company shares by executives only days after the cyberattack.

 

To sign on or if you have any questions, please contact Alejandro Renteria at
Alejandro.Renteria@mail.house.gov by Thursday, September 14, 2017

Sincerely,

 

Lou Correa

Member of Congress

 

—-

Letter Text:

 

Richard F. Smith

Chairman and Chief Executive Officer

Equifax

1550 Peachtree Street NE

Atlanta, GA 30309

 

Dear Mr. Smith:

 

We write regarding the data breach at Equifax. As one of the three major U.S. credit bureaus, Equifax hosts the sensitive personal information of millions of Americans,
such as Social Security numbers, birth dates, and driver’s license numbers.

 

On September 7, 2017, Equifax announced its computer systems had been breached between mid-May and July of this year. Although the data breach was discovered on July
29, Equifax waited six weeks before informing the public. The delay may have further exposed affected consumers by not allowing people to pursue mitigative measures as soon as possible. Equifax has an obligation to safeguard the sensitive information of consumers
and notify individuals in a timely manner when their information has been compromised.

 

Reports indicate hackers utilized a vulnerability on the Equifax website to obtain the sensitive information of up to 143 million Americans – more than half of the
country. Per news reports, the credit card information of 209,000 Americans was compromised.
Please explain what factors affected Equifax’s decision to delay the announcement of the intrusion.

 

Also of concern, three senior Equifax executives sold company shares worth a combined $1.8 million a few days after discovery of the breach but before the public was
notified of the cyberattack. Equifax has alleged the senior executives were unaware of the breach.
If this statement is true, why were the three individuals – including the Chief Financial Officer – not notified given their prominent role within the company?

 

We are troubled by the wide scope of this data breach and Equifax’s response to this serious matter. Due to this cyber incident, our constituents are potentially exposed
to criminal activity, such as identify theft. Therefore, as representatives for many of those affected by the breach, we respectively request a detailed response to our concerns.

 

Sincerely,

Related Legislative Issues
Selected legislative information: Consumer Affairs, Finance, Homeland Security, Judiciary
icon eDC logo e-Dear Colleague version 2.0