WASHINGTON — Sen. Elizabeth Warren, D-Mass., is broadening her probe into the Equifax data breach to look at whether the credit bureau should have disclosed the breach sooner than it did and if the company plans to claw back compensation from key executives.
Warren sent a letter Friday to Securities and Exchange Commission Chairman Jay Clayton, asking him to investigate whether Equifax broke the law by not disclosing the breach in an Aug. 16 investor presentation despite having discovered weeks earlier, on July 29, that hackers had broken into the company’s computer system. The company ultimately disclosed the breach on Sept. 7.
She also noted that, by the time of that presentation, Equifax had already hired a top-tier security firm to investigate the hack, which exposed personal data on 143 million consumers and led to a 30% drop in the company’s stock price.
"Investors who believed Equifax's August 16th presentation was complete and accurate would have suffered enormous losses if they decided to invest in the company on the basis of the presentation," Warren wrote.
Warren also inquired separately about the Equifax board's powers to claw back compensation. She and Sen. Catherine Cortez Masto, D-Nev., sent a letter to Robert Marcus, chairman of the board's compensation committee, asking if directors planned to claw back pay from Chief Information Officer David Webb and Chief Information Security Officer Susan Mauldin. Both executives retired on Sept. 15, roughly a week after the data breach was made public.
While Warren’s probe is aimed directly at Equifax, she has compared the company’s troubles with the Wells Fargo’s fake-accounts scandal that came to light last September and resulted in the replacement of then-Chief Executive Officer John Stumpf. Wells ended up clawing back compensation from Stumpf and Carrie Tolstedt, who headed the division that oversaw the employees who were creating millions of bogus accounts.
Warren also sent a letter to Elaine Duke, acting secretary of the Department of Homeland Security, because DHS had warned Equifax of a potential attack before the breach occurred. Warren asked if Equifax simply ignored the warning or if it is possible that the warning did not make its way through the proper channels.