Equifax is practically a money printing press, and stands to profit handsomely from its recent loss of sensitive data on almost 150 million Americans, according to the Senate Banking Committee.
Questions about Equifax executives making insider trades off the recent breach were among others about the credit rating agency’s possible monetization of its system-wide failure earlier this year, lawmakers told now former-CEO Richard Smith.
Both Democrats and Republicans railed at Smith at a hearing on Wednesday, likening Equifax to a bumbling protection racket. They lamented the ability of the company to effectively sell data security products to millions of people rendered anxious and insecure by its screw-ups.
“It feels like a broken windows business model where you didn’t actively chuck the bricks, but your company allowed bricks to be tossed through windows,” said Sen. Ben Sasse (R-Neb.) “And then you might potentially be able to sell new windows to some of the same people whose windows were just broken.”
“It’s really hard to understand about it as a fraud protection product, when you think about the victims historically,” he added.
Sasse had been referring to Equifax’s ongoing partnership with LifeLock, a personal data security protection firm that has been marketing services to victims of the recent cyberattack.
On Sept. 7, Equifax disclosed it was victimized by a hacker, over the course of months earlier in the year. The security breach impacted 143 million Americans.
Sen. Elizabeth Warren (D-Mass.) said there has been a tenfold increase in LifeLock sign-ups since the Equifax breach. She also noted that the free one-year credit monitoring service offered as a response by the company could lead to a massive windfall.
“So far, 7.5 million people have signed up for free credit monitoring through Equifax, since the breach,” she said.
“If just one million of them buy just one more year of monitoring through Equifax at the standard rate of 17 dollars per month–that’s more than $200 million in revenue for Equifax because of this breach,” Warren added.
She said that the average financial reward to a consumer impacted by a data breach was $2, and noted that Equifax likely has insurance to partially-cover legal damages.
“The incentives in this industry are completely out-of-whack,” Warren added.
Equifax is one of three major credit ratings agencies that sell information about consumers, without their consent, to financial institutions. TransUnion and Experian are the other two.
News about data insecurity and inaccurate reports by the big three has broken in recent years, as Sen. Chris Van Hollen (D-Md.) noted, but Americans have been able to do little about it.
“The whole model of this industry is you collect information without permission from consumers and yet their economic lives depend on decisions you make,” he told Smith.
The Consumer Financial Protection Bureau has found that Equifax, TransUnion, and Experian are most frequently the subjects of complaints in its public database of customer grievances, as Van Hollen pointed out.
The lack of individual choice and agency in the credit reporting market was repeatedly brought up on Wednesday, from lawmakers on both sides of the aisle. An attendee sitting behind Smith dressed as Rich Uncle Pennybags—a.k.a. The Monopoly Man—only reinforced their line of inquiry.
“You also offer me a service to make sure the data you collect about me is accurate,” Sen. John Neely Kennedy (R-La.) said, stressing he wasn’t paid for the information in the first place. “I mean, I don’t pay extra in a restaurant to prevent the waiter from spitting in my food.”
Senators from both parties seemed largely supportive of future hearings on consumer credit reporting agencies, with an eye on reforming the monopolistic system.
“Maybe we ought to start thinking about opting in as opposed to opting out,” Sen. Heidi Heitkamp (D-N.D.) said.
Wednesday marked the second time this week that Smith appeared on Capitol Hill. On Tuesday, he testified before the House Financial Services Committee.
At both hearings, lawmakers questioned him about over $1 million in stock sales by three executives after the company first became aware of the breach. Smith claimed that Equifax didn’t know just how severe the breach was until weeks after the transaction.
“This stinks,” Sen. Jon Tester (D-Mont.) said of the timeline.
Equifax made roughly $800 million in profit last year.