she's taking some of his comments out of context. >> yeah. dropped the mike there but clearly, you know, i think the question is going to be as pointed out earlier, is this going to hurt the stock, because wells fargo has underperformed at a time when banks have come back into a leadership position in the market, at least looking at its relative evaluation >> it has. some questions, of course, whether you can get new customers. it's not so much -- >> trust factor. >> the trust factor, people, obviously, parts of the bank that have nothing to do with this scandal still will tell you, certainly, makes it more difficult to bring in new customers when you're operating under the level of publicity >> jim has been tweeting and is watching this from wherever he is, said warren made a great point about how often tim sloan hiked cross selling. i was on those calls, the whole point, jim argues, why wfc had a

higher multiple was because of cross selling. >> made that point many times, quite some time, a higher multiple than the peer group as a result of the benefits of being able to sell in a sense across the product categories across the bank's many different divisions. >> and she showed all the evidence in the form of earnings transcripts, which jim likes, as well meantime, at the same time, we've been hearing from the former ceo of equifax. our aditi roy has been listening in to that one and has some of the recent developments ch what have we heard >> we have been sitting in on this hearing it's still under way right now with former equifax ceo richard smith getting grilled by 23 lawmakers on this house subcommittee here's what we've learned so far. when smith was questioned about why it took the company 40 days to notify the public about the breach, he said initially they didn't understand the scope of the breach, initially it was

termed as suspicious activity and they didn't know the scope and breadth and depth of what had happened also he was asked about the stock sales of the three equifax executives, including the company's ceo. after the breach was discovered, the company maintained the executives didn't know about the breach when they made the sales. during this hearing he did confirm that the company's general counsel did have to sign off on those stock sales, so a little tidbit there, and finally richard smith did start off his testimony with an apology, saying that as ceo he's the one who is ultimately responsible for what goes wrong, and that he is truly and deeply sorry for what happened. we will continue to monitor the hearing and go back in there and bring highlights as they progress back to you guys >> thank you for the recap in fact, let's take our viewers there right now, as the former ceo, richard smith, continues to take questions from lawmakers. >> free lifetime law product, starting january 31st, 2018.

>> that also extends to experion and transunion >> no, it does not >> would equifax pay for the freeze and lock at eperion and transunion for customers stolen by equifax >> the company has come out with what they feel as a comprehensive services today and lifetime lock. i would encourage, to be clear, i would encourage transunion and experion to do the same. it's time we change the paradigm, give the power back to the consumer to control who accesses his or her credit data. >> i'm down to limited time, i apologize. i'll take that as a no, equifax will not pay for consumers do you think consumers should have to pay a penalty for your mistake, including potentially identity thefts, medical identity theft, or do you want

to compensate consumers as a result of the breach >> we take this very seriously, we have offered a comprehensive set of products for free >> will those sets of products make consumers whole >> it will protect them going forward. >> will it make them whole, yes or no? >> it is hard for me to tell if someone has been harmed, so i can't answer the question. >> if someone's credit has been stolen and someone opened up a bunch of accounts, bought furniture, cell phones, a bunch of fuel and this consumer can't fix their history, they've been harmed in that case, will equifax make that person whole? >> congressman, as i said, i apologize, we've aefroffered tha comprehensive line of products >> in august 11th in your prepared testimony it says you were aware of a large amount of consumer pii on august 15th it says in your prepared testimony pii had been

stolen, it appeared likely, and you requested a detailed briefing to determine how the company should proceed on august 17th it said you held the senior leadership meeting on the investigation. you gave a speech also on the 17th about profiting off fraud with the new markets you shared with mr. pallone you were not aware of pii being stolen what is it >> congressman, on the 17th i had a full debrief from forensic auditors, outside counsel, and my team. i was aware on the 15th that there's been some pii compromised. how much, the scope -- >> i appreciate that clarification. you were aware it was stolen, just not aware how much. >> i was not aware it was stolen >> it says in your prepared testimony that you were aware that you asked for a detailed briefing to determine how the company should proceed so you were aware that pii was stolen on the 15th is that true or not true >> 17th was the detailed review

of when i learned about pii -- even at that time, which pii, was it stolen, not stolen, those details came to life, congressman, over the course of august >> mr. smith, on august 15th, were you aware that there was pii that was stolen or not >> on august 15th -- >> regardless of the amount, were you aware of that >> august 15th i was made aware hackers, criminal hackers, gotten into our system and had pii information. >> we can revert to your prepared testimony the other testimony that i have that we were asking on is chief legal officer john kelly still employed by you or by equifax? >> yes, he is. >> and you were the ceo at the time that approved the terms of the retirement for david webb and susan muldane. is their classification retired permanent or be changed to fired

for cause like yours >> there's an investigation going on by the board at this time >> mr. chairman, i know my time has collapsed here, if you will, but there's an article in wgn-tv that talks about equifax doing their own investigation into the three executives that sold their stock and profited, and i just, i guess, they must have a pretty good investigative team there, because between the press release that happened on friday or whenever it came out, then a story on sunday, and today we have a revelation that those folks didn't know that this breach took place. i just hope we get to the bottom of this, and again, mr. chairman, i hope we can be given assurance to the committee and the american people that this committee will have a mark up and a hearing with bills that we can take to the floor before the holidays to give the american people, consumers, confidence again, because this is a mess. thank you, mr. chairman. >> thank you very much gentleman's time expired chair now recognizes the

gentleman from mississippi, the vice chairman of the subcommittee, for five minutes >> thank you, mr. chairman, mr. smith. thank you for being here to testify today. in your written testimony and in response to some of the chairman's questions, you stated that you were informed of suspicious activity on july the 31st by your chief information officer and went on to discuss i certainly did not know that personal identifying information, pii, had been stolen, or have any indication of the scope of the attack did you ask him if there had been any personal identifying information that had been obtained >> congressman, at that time i was informed it was a dispute portal document. dispute portal document is something that typically houses if a consumer is disputing with us they paid off a utility bill, he or she may take a picture of the utility bill at that time that was the

conversation >> not to interrupt, but my question was, did you ask if any pii had been accessed? >> no, i did not >> were you made aware at that point of the apache hatch? >> no, i was not >> did you have meetings with your chief information officer or security department about any of this issue prior to july 31st >> no, congressman, i did not. >> have you had any meetings with them about any other security information during that time from march until july 31st? >> yes, we would have routine meetings, security reviews, it reviews. >> how often do you have those >> common due process at least quarterly. >> and why did you not have this discussion come up obviously, that's more than a quarter, so how many meetings did you have between that time of march the 8th until july the 31st with your security team >> make sure i understand your question -- >> how many meetings didyou

have during that time from march the 8th until july the 31st? >> i don't have that information with me. if that's important, we can get that >> well, how many do you remember do you remember any of those >> normally we would have i.t. reviews at least quarterly, security reviews at least quarterly, and then augment that as needed basis. >> with those meetings and those timelines of march the 8th and july 31st, we are covering into three quarters, not the total of nine months, but you touch into three quarters of that year and at any point in any of that did you have information about this going on >> no, sir, i did not. >> all right, in your testimony you indicate the security department ran scans in march for the vulnerability but failed to identify it can you explain how this is possible and why was there never any confirmation of anybody coming back and checking to see, okay, we have this identified information, there was a failure of someone on the team to

identify this, that it was being used, that the software was even being used was there no one coming in to verify that? do you have outside person prior to the ones you hired to look at this >> congressman, we get notifications routinely. the i.t. team and security team do, to apply applications. this individual, as i mentioned earlier, did not communicate to the right level to apply the patch. follow up, as you mentioned -- >> you said this individual. so you had one person responsible for this >> there's an owner of the patch process. there's a communication to go out in security, broad based notification, once they receive notification, they notify appropriate people, individual who owns the patch process cascades that communication. >> for everyone that's on your equifax team, is there anything more important than protecting pii of the consumers

>> no, sir >> would we identify that as the number one responsibility of the company and everybody in your company? >> we have for years sir, yes. >> so, just appears, obviously -- the job wasn't done, and so we know that, we're trying to look at this, and i know, too, it was an equifax spokeswoman who said we've taken short-term remediation steps and continue to implement and accelerate long-term security improvements as part of ongoing actions to help prevent this type of incident from happening again. so we have 145.5 million people whose pii has been compromised how many files do you have in the system >> worldwide >> yes, sir. >> i think someone mentioned earlier it is a public number out there of over 800 some odd million consumers and 100 million companies roughly. >> and we know this breach includes some from canada, some from the uk.

would that be fair to say even at this point? >> point of clarification there, there was some data that we had on 7,000 canadians in the u.s. so the data was in the u.s same environment we had some data on uk citizens also in the u.s. that piece is still under investigation. >> you know, my home state of mississippi has 3 million people 3 million people almost 1.4 million files have been breached in my state. if you take away people that are minors that don't have a file yet, almost my entire state's going to be impacted so this is a travesty, something that was preventable, we know, and so saying that we want to protect what goes forward doesn't bring us a lot of comfort today. thank you, i yield back. >> gentleman yields back chair now recognizes the gentleman from california for five minutes >> thank you very much

i thought i'd prepared for this committee, but i have more chicken scratch notes, i don't even know where to start mr. smith, welcome to washington are you currently employed by equifax? >> no, sir >> you are not when you decided to come before this committee, were you specifically requested by name to come to this committee by this committee, or were you offered up by equifax as the representative of equifax to come represent equifax before this committee >> i believe i was asked specifically to come before the committee. >> by equifax or the committee >> my understanding is by the committee. >> okay. apparently the committee asked for the ceo at the time, and at that time you were still the ceo, but you're no longer the ceo. did you enquire as to why the

current ceo or interim ceo didn't come before this committee? >> i did not, but i felt personally it was my obligation. the breach occurred under my watch, as i said in my written testimony and my oral testimony it, i ultimately take that responsibility, so i thought it important i be here. >> thank you, i get the picture. on august 31st, excuse me, on july 31st, you were notified of the suspicious activity that eventually, as we now know, is 145 million person breach. was it july 31st was it? >> yes, congressman. it was a brief interaction >> verbal interaction? >> yes >> you just referenced as an answer to another one of my colleague's questions on august 31st you received some kind of e-mail referring to the possible breach >> point of clarification, i was notified on the 31st of july by the chief information officer, dave webb, in a very brief

interaction that this portal seemed to have a suspicious incident there was a communication trail internally between others, also referenced that i was aware of this incident through my interaction with dave webb >> so that written trail was not directed to you. you were just mentioned in that trail that you had been verbally notified >> that's my recollection. >> mr. chairman, is it appropriate for this committee to ask for that trail of documents? >> ask counsel -- >> if it's appropriate to receive copies of that trail that it's been referenced more than once to some of our questions here on this committee, on this congressional

committee. it's come to my attention that several people are no longer with the corporation you're no longer officially with the corporation anymore. the cio at that time is no longer the cio of the corporation of equifax >> that is correct >> and then there's another highe higher-up that is no longer -- >> chief security officer. >> okay, chief security officer. however, the then-john kelly chief legal officer was the -- >> we'll take you across the hill back to wells fargo where chris van hollen has started the questioning. >> npr radio story, did you have a chance to hear that radio? >> i didn't, senator i listen to npr, but i didn't hear that. >> i would encourage you to do that, because one of my constituents came out to go to work one morning, his name was michael pfeiffer, heading out in february to his job in maryland at a company that builds guitars, he walked to the place where he parked his car, it wasn't there he called the police, said he was livid, said he thought

someone stole his car. turns out it wasn't a car thief at all it was wells fargo's repossessors he was faber gasted because his insurance was current. he went to wells fargo, the folks at the local branch said this is nuts, you're covered it took them, the employees of wells fargo, over two and a half hours just to connect to folks in another branch. my question is very simple if it takes the employees of wells fargo two and a half hours to get in touch with others, it takes individuals having to fight the system by themselves, don't you understand why it makes sense for people to be up a band together to file their claims against a big company like yours rather than have to fight you one by one >> senator, what i understand is

if we make a mistake, we need to make it right, and we've got to improve our processes. what i would like is to the extent mr. pfeiffer has not been made whole by us, i'd like to speak with him personally to make sure that we're handling the situation to his satisfaction if we made a mistake >> mr. chairman, i would just point out that you said it yourself, you were informing your customers to know about class action settlements so they can be made whole. that is the way lots of people can be whole, you know, made whole at once. mr. pfeiffer is one guy fighting wells fargo. i find it amazing that you would say your customers come first, and then you deny them the choice of how they seek their compensation thank you, mr. chairman. >> senator purdue. >> thank you, mr. chair. mr. sa loloan, thank you for be here how many states does wells fargo operate today? >> all of them >> are you regulated in every one of those states?

>> yes >> how many federal regulators do you have today? occ, federal reserve, cfbb, is that correct >> security regulators, too. >> were you supervised 2007, 2016, were you supervised by the federal reserve? >> yes >> in their oversight, and i'm sure they were quite involved, did they reveal any material issues during that period of time >> they have, but that's confidential information that i can't disclose, but we have an act of dialogue -- >> relative to this breach -- >> in terms of the retail accounts no, they did not >> were you supervised by the occ during this period of time >> yes >> did that oversight reveal material issues related to this situation? >> yes, it did, and the prior comptroller of the currency, mr. curry, has testified to that >> did the cfpb come up with anything, any material issues, during this period of time >> not to my knowledge >> in dealing with these

regulators, are there any outstanding -- >> absolutely. i have a long to do list yeah >> and how is the company reacting to that list of corrections? >> we're listening i mean, i think that -- >> i'm sure you're implementing, too, right >> that's where i was going. we're listening to their concerns, and we are making fundamental changes, not only because i think they make sense as ceo, but because our regulators also believe that there are other changes that we need to make, and we're being very responsive. i'm sure if they were here, they would say we're not moving as quickly as they would like, which i appreciate that, but our commitment to making -- to fixing anything that's broken and making wells fargo the best bank in this country is sacrosanct from my perspective >> i think we'd agree no way to sugar coat this as a serious issue and i appreciate your

handling it the way you are. i want to get to the governance issue, though. you have an internal audit capability inside wells fargo today, is that correct >> that's correct. >> as ceo that was your responsibility roughly how many people across the country are involved in that internal audit effort? >> oh, gosh. well, first let me correct something -- >> hundreds or -- >> senator, the audit group is actually a separate -- it reports separate from the financial organization because they have to audit the financial organization, so our -- >> to whom do they report? >> the chief auditor, david julian, reports to me, but has a direct reporting line also to our audit examination committee. >> right you also, your board, has an external auditor, as well. >> that's correct. >> to whom does that external auditor report >> well, they report to our shareholders >> right >> they also provide independent reports to our board on our financial conditions and other matters. >> during this period of time

when these indiscretions were occurring, did any report from either the internal audit capability or external audit capability disclose any of these bounties >> the internal auditors did, though i would say that was another area they could have done a better job, and i think david julian, our chief auditor, made fundamental changes there, but when it was reported to the senior leadership team, we should have taken more aggressive action. >> has any other breach of operation occurred that has not been made public yet >> well, minor breaches maybe, but that was one of the reasons why we went above and beyond the normal standard of materiality in our second quarter 10q to provide an update on things like cpi, on gap insurance, on hard holds, on ofak, a variety of different matters, because as i've encouraged our team, we

need to make sure we're more transparent to our stakeholders than we've ever been >> so going forward, has the scope of the internal audit function and external audit function been expanded relative to this problem? >> it's -- it has expanded and it's been reorganized to reflect the reorganization we've done within our company i don't know the answer as to the number of folks from kpmg that cover us today, but my guess is there's more than there was a year ago and the year before >> thank you, mr. chairman >> thank you, senator heitkamp >> thank you, mr. chairman one of the most important things that we can accomplish here is to figure out whether we actually see and have a sense that there is a culture change at wells, mr. sloan. and i have to tell you, i've been listening to the line of questioning, and i think anyone with an open mind would question whether we are actually seeing a culture change so let me kind of run through

this senator warren asked you about the "l.a. times" at the time that this story broke, and we can all acknowledge that "the l.a. times" had a huge role in this, and you said, well, you didn't have evidence about that, so you didn't really respond to it but then once it became a bigger scandal, then we're going to fix it so then we find out when we talk about, well, we're going to fix it we now realize that this is a problem and there's been mistakes made. and then we find out after the we will fix it that there was knowledge of this problem years before the "l.a. times" story, that upper management knew about this problem and thought that they had managed it and fixed it they didn't fix it okay then we fire employees, who open fake accounts. saying they are the problem. it's this community bank problem, that's where the problem is but you also fired those who

refused to play the game, and we know that that happened, because they have since participated in public discussions about how they tried to whistle blow on this and then again when we raise these issues you say trust us, we're fixing it, and they come before this hearing, wasn't you, mr. sloan, but come before this body, and say, wow, this is all you need to know we now have turned the corner and it's all going to be okay. only then to have this insurance scandal exposed. but now we hear we're going to fix it so, okay, i'm like that's three times. you know, i know a little bit about baseball seems like you strikeout after three times of promising something you don't see, but what i want to say to you, because it goes back to your response to senator warren about "the l.a. times. in the course of just about 15 minutes here, you were told about an overdraft problem in the 11th circuit

now, if i ran an organization, i would know if i were in the 11th circuit with the discussion on overdraft protection but you said you were not familiar that sounds familiar then you were asked about a legal position taken in utah about arbitration, which was in the media. you said, i don't know about that i would know about that if i were you i would know about that if i were you, especially coming before this body and then a national news story about wells fargo being involved in a wrongful repossession of a car, a news story that literally millions of people listened to, and you're not familiar with it. this is problematic for us, because we need to see that there's actually a culture change, that there is a reaction to these kinds of consumer failures and we don't really hear it here what we hear a lot of is, don't know, look into it, we really care about the customer. now, i would assume that where

we are right now is a lot of soul searching at the highest ranks. soul searching at the highest ranks of wells fargo and correct me if i'm wrong, what i heard you keep saying is mistakes were made at the community bank, driven by wrongful incentives that were provided to the employees. right? i have not heard you say other than taking responsibility for the incentives, i haven't heard you say mistakes were made at the highest level of wells fargo. i mean, we can say, yes, we've lost a ceo and, yes, there's been some punishment, and, yes, we're moving over, but the bottom line, i do not hear a level of culture change that satisfies me today and i think that that is something that's very problematic for wells fargo going forward, because i'm not familiar is not an answer we should be getting here

it should be, yes, we're aware of that, we're fixing it and when we only hear i'm not familiar, we wonder what else we're not familiar, and i would caution you when you say this is everything, that's what the last ceo told us. and then the insurance scandal broke. so, you know, it's up to your board to figure out what they are going to do, but i hope you take these comments as constructive, because it's not helpful for you to say you're not familiar >> senator, i appreciate your comments, and in my opening statement i was very clear that we take responsibility for the mistakes that we've made when i say we, i mean me i'm the ceo of this company. the buck stops with me every day. i apologize that i'm not familiar with every matter, but to the extent that i'm not, right, we're going to follow up on all of those. as it relates to senator warren's comments, she asked me

not if i was -- about "the l.a. times," she talked specifically about information at "the l.a. times" provided and if i took action in that interview, they didn't provide me with any information, so i can't take action if "the l.a. times" didn't provide having said that, we took action when that information got to the senior leadership team i've taken responsibility for the fact that we didn't take aggressive enough action that's why we're making the fundamental changes that we're making at wells fargo to make things right for our customers and our team members and all of our stakeholders, but having said that, senator heitkamp, i completely appreciate your frustration. i am angry about what happened at this company, and i pledge to you not only are we fixing it, but we will fix it [ inaudible >> you cannot segregate the top

from the bottom, and it seems to me that when you say we, we didn't get any information from "the l.a. times," you shouldn't have had to have information from "the l.a. times." should have read the story and said, is this true, let's go find out >> and we did. and we did >> well, you knew it was true, because you knew about this years before that. >> no, senator heitkamp, we didn't, and the board actually conducted an independent investigation where they looked at millions of documents they interviewed hundreds of people, and their conclusion was consistent with what i've said publicly here and elsewhere in the last year. and that is that the issues within the community bank were elevated to the leadership team, including me, in late 2013 we should have and could have taken more aggressive action i apologize for that we've taken that aggressive action right now to fix the things that are broken

2013 >> i think that we had a document going back to 2008, but i'll have to hunt it up. i don't have it in front of me thank you, mr. chairman. >> senator cotton. >> thank you, mr. chairman mr. sloan, welcome to the the committee. >> another heated exchange between wells fargo ceo and one of the lawmakers he's testifying there. that was senator heidi heitkamp, democrat from north dakota, going after sloan for the cultural change and questioning whether there has been one about those bank account scandals, what he knew, when he knew it. sloan answering those questions, of course, after senator elizabeth warren's tough questions to him, in which she told him that he should be fired. our wilfried frost has been inside the hearing room listening, covering tim sloan from the very beginning, and covering this bank, wilfried what's your reaction >> yes, let's just recap some of the highlights of the hearing so far. as we just heard, tim sloan's tried to focus his comments on

some of the changes he's made since he was ceo, but most of the questions he's faced have focused on what he knew and what he didn't act upon in his time from 2011 to 2016 as ceo, head of the wholesale bank, then coo. here's his initial response to what he knew then. >> in 2013 when the sales practices issues were elevated to the operating committee, i sat on that operating committee, you're absolutely correct, and my role at that time was cfo, it was elevated to that group, we took action, but in hindsight, senator, we took action that was insufficient, as i said in my opening statement. and i'm angry about how we handled the problems historically i'm disappointed in how we have done -- how we handled those, but the fundamental changes that i've made since we've been ceo are addressing the failings that the board report pointed out, our regulators point out, and

the mistakes that i saw in my prior roles. >> now, senator warren jumped on the fact of what he knew earlier before he was ceo, and directly quoted to mr. sloan comments he had made as cfo on an earnings call in april 2011, and she landed a significant blow as she did it let's take a listen. >> in the april 2011 call, for example, i think i've marked that one, you said, "i can't wait to get a credit card in every one of our credit the worthy customers' wallets. nothing about whether your customers wanted or needed a wells fargo credit card, all that mattered was opening new accounts >> of course, cross selling was central to this whole scandal when it erupted initially. i should say that later senator warren quoted something from july 2016, sloan pushed back against that, saying she was

taking it out of context asked her to read more of the quote, which she didn't do either way, this was senator warren's conclusion. >> at best you were incompetent, at worst you were complicit, and either way, you should be fired. >> the hearing continues, sara, the stock price down about a percent today. >> all right, thank you very much for summing up some of the testy moments inside that wells fargo hearing. i want to take you back now to the house energy and commerce committee, where there is another heated exchange going on, this with richard smith, who stepped down as equifax ceo last week, in the hot seat taking questions. >> second board meeting on the 25th, subsequent board meetings routinely, if not daily, in many cases through as recently as last week. >> thank you, and my time as expired, mr. chairman. >> thank you very much the gentleman's time has expired and the chair now recognizes lady from california for five

minutes. >> thank you, mr. chairman, and thank you, mr. smith, for appearing here today as many of my colleagues have highlighted the events that led to this data breach and the actions that equifax management took after the fact are very upsetting. seems many americans are in a place of breach fatigue, but this latest event that could potentially impact nearly half of all americans should light a fire under every single member here, and i think you've noticed that it has lit a fire we cannot follow the same script after the next inevitable data breach that's one of the reasons why i am also supporting congresswoman schakowsky's secure and protect america's data act it's not as though this type of legislation is unprecedented 48 states have implemented laws that require consumers to be notified of security breaches. i'm pleased that my home state of california was the first state to pass this kind of notification law in 2002 today, if california residents' personal data is hacked, state

law requires they are notified in the most expedient time possible and without unreasonable delay we must act to ensure all americans are subject to protections like this at the federal level. mr. smith, because equifax, without doubt, has information on many california residents, the company is subject to the california data breach notification law can you please describe to me how equifax come pliplied with e state law? were california residents notified of the breach as required >> congresswoman, i don't have the specific knowledge of the california law i can tell you, though, that we worked as a team, including with our counsel, to help us ensure we're doing what is right for the consumer and the most expedient manner as possible, so we're aware of the requirements of the different state laws, i just don't have the specific knowledge as it relates to the state of california.

>> so you also dent know, because the law requires equifax to supply a copy of the breach notification to the attorney general. you don't know whether this was done >> congresswoman, i do not, but we can have our team follow up through staff if that would be helpful. >> okay. in the context of this breach, if data that you hold is about me, do i own it? do i own my data >> could you please repeat the question >> in the context of this breach, if the data that you hold is about me, do i own it? >> congresswoman, we are part of a federally regulated ecosystem that's been around for a long time, and it's there to help consumers get access with their consent to credit when they want access to credit >> well, can you explain what makes data about me mine compared to what make it someone

else's >> the intent, if you will, of the solution we have recommended, we implement and are going live with in january of 2018 is, in fact, to give you as the consumer through this lock product for life free the ability to control who accesses your personal information and who does not >> so at that point in time you believe that i can say i own my data, is that right? >> you'll have the ability to control who accesses and when they access your data. >> okay. could i ask you some further questions following along to what others have asked about credit locks and credit freezes? now, limiting access to credit, even for a short amount of time, can have real financial consequences, especially for low income populations how quickly will a file be able to be locked and unlocked, and how will you ensure that speed >> congresswoman, thank you for that question.

that is a great advantage of the product that we're offering for free, versus the freeze, which again was -- came about in 2004 out of regulation. and there states dictate how quickly you can get access to freezing and unfreezing your file, and oftentimes that can take days, if not weeks, because we're mailing data back and forth to the consumer. in this case, the intent is in january of 2018 on your iphone you can freeze and unfreeze your file instantly at the point you want it locked and unlocked. >> so, and i recall that one of my colleagues asked whether a credit lock is the same thing as a credit freeze and you said it was. is that correct? >> as far as protection to the consumer, congresswoman, it is as far as ability to lock or unlock and freeze or unfreeze a lock is far more user friendly >> okay. so, you currently offer a credit

lock product now, and you plan to offer this other one for free starting the end of january. and can you describe for me why you consider that -- would a lock be more economical for you, or would a freeze be i'm trying to get a sense of the difference, because i think there is a difference here >> if i may one more time to try to clarify as far as protection, they are the same the lock you're getting that we offer to consumers on september 7th gives you the same level of security you'd get from a freeze or from the product that's going out in july -- january the difference is, the lock is browser enabled, january's lock will be an app on an iphone. and secondly, instant on,

instant off, versus the freeze or today's lock. >> i've got more questions, but i've run out of time thank you. >> thank you very much the gentleman from illinois is recognized for five minutes. >> thank you, mr. chairman sir, thank you for being here today. this is, obviously, a huge issue. 145 and a half million people affected by this data breach, that's nearly half of all americans. that's a failure on multiple levels it's a failure to keep consumer personal information secure, it's a failure to appropriately respond to a breach, and failure to notify the public and much more my constituents and the american people need not just answers, but they want assurances they are not going to be financially ruined by this i do want to make a quick point. mr. lujan asked if the people harmed by this would be made whole and you made a statement, and i understand there's probably some legal and technical reasons for this, but you said i don't know if consumers are harmed, were harmed i want to make the point that i think that idea that people are not harmed in this is ludicrous.

of course, they are going to be harmed, even if there's no financial harm that comes from them, just even having this information exposed is a massive deal, but i fear we're going to see bigger repercussions from that mr. smith, i was surprised to find out equifax initially included a requirement that consumers consent to a mandatory arbitration clause why did that happen? why was that the beginning part of the rollout >> congressman, thank you for that question. i want to clarify. the product offering that went live on the service offered on the 7th was never intend to have that arbitration clause apply to this breach. it was the standard boilerplate clause as a part of a product. as soon as we learned that the boilerplate term was applied to this free service, i think it was within 24 hours we removed that and tried to clarify that that was a mistake one of the mistakes i eluded to in my oral testimony through the

remediation product on september 7th. >> so does equifax require consumers to consent to arbitration with respect to any of its other products, and if not, is that information prominently disclosed to the consumer >> not as it relates to the breach, congressman. >> well, the question is about what about any other products do you require consent to arbitration? >> some of the consumer products we have there's an arbitration clause in there, standard clause >> what's the reason for that? >> i don't have that answer other than it's a standard clause >> hopefully you can get that to me, that would be good your press release indicates the company found no evidence of unauthorized activity on equifax's core consumer or commercial credit reporting databases. what are equifax's core consumer and commercial credit reporting databases, and how are they distinct from the databases containing personal information thachs that was subject to the unauthorized theft >> congressman, the area that was impacted here was a consumer dispute portal

the consumers would come in and dispute activity with us as separate than if you, congressman, talked about the credit file on their hand, that is separate from the core credit data that consumers have in our database >> so, in essence were there 145.5 million people at one point had disputed credit issues then, if that was the -- >> the portal they used, they could have been in that portal for multiple reasons, and we also by regulation have to keep data for extended periods of time in some cases seven-plus years, so it's a lot of data for a lot of years, but it's outside of the core credit file itself. >> which company -- i guess kind of which company databases were accessed, but why wouldn't you consider that, then, maybe this is a change now after this, why wouldn't you consider that to be part of the core consumer commercial credit reporting databases? >> just the way we define it the credit file itself is

housed, managed, in a completely separate environment from a database that consumers come into directly. the core credit file itself is largely accessed by corporations, companies that we deal with, versus consumers. >> okay, so i just want to make sure, and you have to forgive me, i'm not an i.t. expert to get 145 million people's records in only the dispute database, i guess i'm trying to figure out if you didn't really answer the question in terms of were there 145 million people disputed at some time, or was there another entry somehow through that that went into other information. maybe i don't understand the i.t. part of this. >> the only entry was to the consumer dispute portal, and that is a completely separate environment than the credit file itself we also, as you might recall, has a lot of data for small businesses in america. that environment, which is part of the definition you were eluding to, was not compromised

either >> okay. and lastly, are your core consumer or commercial credit reporting databases encrypted? >> we use many techniques to protect data encryption, tokenization, masking, encryption in motion, encrypting at rest to be very specific, this data was not encrypted at rest. >> this one, but your core is? >> some, not all some data is encrypted, some tokenized, some in motion, some masked varying levels of security techniques that the team deploys in different environments around the business >> okay. thank you, sir, i yield back >> thank you very much gentleman yields back. the chair now recognizes the gentleman from california for five minutes >> i thank the chair for holding this hearing mr. smith, it's my understanding that compromised information was due to an unpatched

vulnerability in the web application framework apache struts besides the company's online consumer dispute resolution portal, does equifax have any other portals that use apache struts >> no, sir this was the environment that deployed struts. >> okay, that was a simple answer we might need to restart my time in addition to equifax's credit monitoring and reporting services, the company has equifax for business offerings, and in this capacity operates as a data broker. as a part of these services, the company collects large amounts of data about consumers without consumers having any knowledge of this happening. was this information compromised in the breach? >> i think i understand your question, but could you repeat that one more time so i get it right? >> you're familiar with the equifax for business offerings >> yeah, yes, so we do have product offerings and solutions

for small businesses, medium-sized businesses, and large businesses across the country. correct. >> right was information from equifax for business also compromised in the breach >> no, congressman, it does not. goes back to the question earlier part of what we call our core credit data it was not compromised >> we're going to take you out of this hearing on the hill and show you a live picture of san juan nunez air force base about nine miles east of san juan, where the president has just arrived. expected to get a briefing about the recovery in puerto rico. he'll meet with some individuals who have been impacted by the storm. he'll meet with the governor of puerto rico, governor of the u.s. virgin islands, as well as military personnel 3.4 million residents in puerto rico, a large portion of whom are still without gas, power, and water. and that briefing, contessa brewer, who joins us from san juan, will be attended by mayor cruz, who, of course, was critical of the president leading into last weekend.

>> yes, this is about saving lives, not about politics. this is what the mayor of san juan said about with the president today. she said open lines of communication are important. this is about saving lives, not about politics this is also about giving the people of puerto rico the respect we deserve in recognizing the moral imperative to do both there are a lot of desperate people on this island. they are desperate for food and water, medicine and gas, and today the governor of puerto rico said the situation is improving. they have got thousands of dod boots on the ground in puerto rico, hundreds of fema operatives out there and working out the logistics of how to move food and water into the most isolated places. they are still in many cases depending on airdrops of supplies into these places that are most isolated on the island. we drove the island. it's unclear how president trump

is going to be able to get a sense of the real magnitude of this damage by staying in the san juan metro area, and the governor said he doesn't have any clear details about whether the president is going to get a fly-over of the island, whether he'll be able to go out into some of these hard hit neighborhoods because certainly in areas of san juan life it coming back and people are having dinner at sidewalk patio cafes. we do know that the president is meeting with the governor of puerto rico, the mayor of san juan and the governor of the u.s. virgin island who is coming here to meet him because of the logistical problem of getting to st. thomas, st. john and st. right now and those are islands still trying to get power back up and running after irma happen. they had two storms hitting the communities very hard. still communities in puerto rico that don't have power post-irma so it's been weeks and weeks of this and now we're being told, police are going out and telling people, look, it's going to be months, if not a yore or more

before you get power back, even with the massive response here, guys, and so the president is likely to get some taste of that have today the governor of puerto rico says he plans to ask for more money, and he says he wants the aid package to reflect the damage on this island and to be commensurate with what texas and what florida were seeing as well >> yeah, and that sort of brings us to the political controversy that, unfortunately, had to surround this, contessa, not just that -- not just that twitter battle with the mayor of san juan but also the fact that there was criticism around the president taking 18 days to waive the jones act which limited ships from bringing in relief supplies, the fact that he was tweeting all weekend about the nfl. in fact, let's just listen in. >> reporter: yeah, i mean, those tweet did not go over well down here

>> thank you, mr. president. welcome, mr. president. >> thank you for everything. >> welcome, mr. president. welcome, mr. president. >> thank you, sir. great to see you >> does anybody recognize this person >> thank you for coming. >> i need this clear behind me now. >> sir, we're going to go this way over here. >> thank you, ma'am. >> sir, i know how this works. thank you, ma'am thank you. okay thank you. >> so clearly our shot was a little fuzzy there, and we were trying to get you some of the audio as we heard it on the ground a lot of people thanking the president and his wife, first lady melania, for being there. contessa brewer, we were talking a little bit about the fact of

the reaction on the ground to some of the reaction from president trump to puerto ricans and just what they were processing and how they were feeling about it >> reporter: yeah. i mean, the tweets did not go over well. i didn't talk to a single person on this island that was happy about the back and forth from twitter, and especially when he was calling into question the self-sufficiency of puerto ricans, they were out there clearing the roads, taking care of themselves, so didn't go over well here. >> yeah. all right. we'll watch that, the president in puerto rico today also want to take you back to this hearing going on the senate banking committee. senator elizabeth warren back at it the firing at tim sloan, the ceo of wells fargo. >> promising to spend $11.5 billion in the next year buying back wells fargo stock you've made this public announcement you have that much extra money so, look, if you stick to your current plan, it's clear that wells fargo employees making

$30,000 or $40,000 a year are going to get screwed just like they got screwed in the fake account scandal before it was executives who demanded new accounts be produced at all costs, but it was 5,300 front line employees who paid for that with their jobs, and now that the fake account scandal has tanked wells fargo's reputation your way of pumping up the bottom line and keeping wall street investors happy is to slash costs by firing low-level employees. you know, what happens in these cases, mr. chairman, in these corporate scandals, it's almost always the front line workers that pay the price, not the executives, and the only way we're ever going to stop these scandals is to hold executives personally accountable, to fire the people who are responsible and when they break the law to march some of them out in handcuffs, and until we do that, these scandals are going to continue and working people are

going to continue to take the brunt of it. thank you, mr. chair. >> thank you -- >> senator, could i respond to that >> yes, as a matter of fact, i'm going to take my last word as the last questioning period. i am interested in what your answer would be to senator warren's statements and the assertions that she makes. >> i couldn't disagree more with almost everything that senator warren said. i think it's inappropriate to take various statements out of context and multiply numbers and then apply them to people because then what you're saying, you're scaring people and that's inappropriate. when you look at wells fargo i've said first and foremost my commitment is to our 270,000 team members to make sure that they have got a safe place to do business in, to serve their customers, that they are paid fairly, and what those team members are saying to us, even in the midst of the fact that we have said that we need to become a more efficient organization is

they like working at the company because our attrition is down. it's down to its lowest levels in years, and that's because they appreciate the fundamental changes that we've made, many of which, but not all of which, that we've talked about. we care about our team members that's why i spend a lot of my time going out and seeing them and talking to them and understanding how they are feeling about the company, and we're making changes based upon what they tell us. every other month i hold a town hall with one, two, 3,000 team members and ask them unscripted to give us suggestions we've implemented lots of their suggestions. we care about them, but at the same time i have an obligation as a ceo of this company to make sure that we keep other stakeholders happy, and that includes our shareholders who aren't just wall street investors, but they are shareholders that are pension funds that support many retirees all across this company. 40 is k plans own our stock.

we've got on obligation to them so my job as ceo is to try to balance those appropriately and i'm working as hard as i can to accomplish that. >> all right well, thank you. and i want to just let our senators know that if they have additional questions they are due by next tuesday, and then, mr. sloan, we generally ask that the witnesses respond to those questions as quickly as they can. not knowing how extensive those questions will be, we can't give you the specific time line to that. >> senator, if you want to set a deadline for us right now, we'd be happy to live up to whatever deadline you set. >> we generally ask that the questions be responded to in one week from when they are received. >> we will respond in one week >> all right without anything further then, this hearing is adjourned. >> thank you >> and that ends the senate

banking hearing on wells fargo tim sloan under enormous pressure from multiple senators, not just warren in this case, about the company's response before and after these credit accounts were made public by various journalistic outlets heidi heitkamp going after him about being uninformed about articles in the more recent history, but sloan's response repeatedly has been we're in the banking business and providing credit cards to qualified customers is what we do. in his words he said i'm not embarrassed about that. >> just sort of ending on what he does and how he has outreach to his employees and cares about them and presents himself as a leader don't forget, john stumpf was the ceo at the time they found the scandal and he was brought in in an even tougher questioning over a year ago, but clearly sloan is still getting the questions, and the stock is a little bit lower this morning. >> yeah.

market has been doing okay after the big gains yesterday. the dow is up for a fifth straight session. >> better than okay. >> s&p is looking for not just six straight but a rise in 14 of the past 17 sessions records on the transports, the dow, the s&p. >> and the small caps have joined the party which is key as we look ahead potentially to tax reform. >> let get over to the judge and "the half. baas all right. carl thanks very much welcome to "the halftime report." we'll be covering the averages and the new highs along with the russell 2000 we also hope in the wake of the hearing on capitol hill, wells fargo ceo tim sloan has just gotten off the hot seat that perhaps our wilfred frost will catch up with him as he makes his way down the hallway if that happens, we'll bring you the sound, if in fact we're able to get any if you missed the hearing, there were several fiery exchanges yo