But Republicans tamped down expectations for any congressional action as this year the GOP-led Congress has rolled back several Obama-era rules affecting businesses and the financial sector.
The company has said that it believes that hackers accessed Equifax Canada's systems through a consumer website application intended for use by USA consumers.
Rep. Frank Pallone, D-N.J., says that if Equifax wants to stay in business, its entire corporate culture needs to change to one that values security and transparency. "Until we get those answers, Equifax should not be rewarded for reckless data protection with a $US7.25 ($9) million IRS contract".
The company at the center of the biggest breach of personal information just signed a contract with the federal government to provide, well, personal information. The contract, announced on September 30 via the Federal Business Opportunities database, is for Equifax to help the IRS identify taxpayers and prevent fraud.
He said a single person was to blame, who "did not communicate the need to patch the software", which then meant hackers were able to access the information. The company disseminated that warning by email the next day and requested that applicable personnel install the upgrade.
Equifax and other credit rating companies were advised in March by the Department of Homeland Security's Computer Response Readiness Team that certain computer vulnerabilities required patching.
Lawmakers pressed Smith about company executives selling stock in the company after the suspicious activity had been detected. Lujan asked if Equifax would pay for freezes at the other two credit bureaus, Trans Union and Experian, Smith obfuscated. They're men of integrity. Criminals stole the data between May and July, Equifax said.More news: US ambassador says Las Vegas shooting is 'terrible'
"That is still under investigation", Smith said.
Hackers seem to have made their entry between mid-May and end of July.
Smith stepped down last week in the wake of the breach, which has sparked numerous federal and state investigations as well as outrage from lawmakers.
"I worry that your job today is damage control". Anyone impacted by the Equifax breach should be notified by mail.
"We went from 500 call center agents to a need of nearly 3,000", Smith said. The company is now under investigation by the Department of Justice, the FBI and the Federal Trade Commission.
Late Monday, Equifax said an independent review had boosted the number of potentially affected US consumers by 2.5 million to 145.5 million.
The company says in later communication that it "acted immediately to stop the intrusion".