The two leaders of the Senate Finance Committee want to know more about Equifax's massive security breach, which put the information of more than 100 million Americans at risk.
Senate Finance Committee Chairman Orrin Hatch, R-Utah, and Ranking Member Ron Wyden, D-Oregon, submitted a letter Monday to Richard Smith, chairman and chief executive officer of Equifax Inc., in response to the recent cybersecurity breach the company experienced, which potentially impacts 143 million Americans.
"The scope and scale of this breach appears to make it one of the largest on record, and the sensitivity of the information compromised may make it the most costly to taxpayers and consumers," the senators wrote in a letter.
"To make matters worse, Equifax is a critical partner of the Internal Revenue Service, Centers for Medicare & Medicaid Services, the Social Security Administration, and other federal agencies that are the sources and recipients of the some of the most sensitive information affecting individuals, as well as the targets of the vast majority of identity theft fraud against taxpayers."
The Finance Committee requested answers to 13 questions in the letter, including a detailed timeline of the breach and its discovery, the company's plan to notify affected consumers, what steps the company has taken to limit potential consumer harm related to the breach, among other inquiries.
The credit monitoring agency announced Thursday that, between May and July, "criminals" violated a U.S. website application vulnerability to gain access to certain files.
Information collected primarily includes names, Social Security numbers, birthdays, addresses, and even driver's license numbers. Additionally, approximately 209,000 American consumers had their credit card numbers collected and dispute documents with personal information for approximately 182,000 Americans was retrieved.
The Federal Bureau of Investigation is investigating the security breach, according to ABC News. Likewise, an independent cybersecurity firm has been hired to provide recommendations to prevent another cybersecurity incident from occurring.
The committee requested a response from Equifax by Sept. 28.