Former Equifax CEO Richard Smith refused to tell Congress on Tuesday that the company's effort to help the 145.5 million people whose data was stolen through the company would make them whole.
Smith resigned last week after the giant data breach was revealed publicly in early September, and in response, the credit-reporting company has said it would offer people free credit monitoring and free credit freezes to affected people.
But at a House Energy & Commerce Committee hearing Tuesday, Smith declined to say the company would cover all harm that consumers might experience as a result of the theft of their personal information, including addresses and Social Security numbers.
"We take this seriously, I've apologized, I apologize again to the American consumer," Smith said when asked if the company would agree to pay for any further harm people might suffer. "We've offered a comprehensive set of products for free."
Rep. Ben Lujan, D-N.M., asked if those steps would make consumers "whole."
"It will protect them going forward," Smith said.
"Will it make them whole? Yes or no," Lujan pressed.
"It is hard for me to tell if someone's been harmed, so I can't answer the question," Smith said.
Lujan pressed again, offering an example of someone who may have already been harmed by the theft of their information.
"As I said, I apologized, we've offered a comprehensive ..."
"Thank you very much, sir," Lujan interrupted.
Smith's opening statement made it clear he and the company apologized for the largest theft of data in history, which the company said Monday hit 2.5 million more people than the originally thought. Smith said the theft was made possible when the company failed to patch some of its software in time, despite repeated warnings that this step had to be taken.
"As CEO I was ultimately responsible for what happened on my watch," Smith said in his prepared remarks. "Equifax was entrusted with Americans' private data and we let them down. To each and every person affected by this breach, I am deeply sorry that this occurred."
"Whether your personal identifying information was compromised, or you have had to deal with the uncertainty of determining whether or not your personal data may have been compromised, I sincerely apologize," he added.