Congressman on Equifax: Can’t legislate against stupidity but can hold people accountable

Key Points
  • If accounts on Equifax's website in Argentina used the generic username and password "admin," that is "just awful," Rep. Greg Walden told CNBC.
  • A hearing on the U.S. breach will be held in the House, with Equifax CEO Richard Smith expected to testify.
  • When asked if the hearing was a precursor to more regulation, Walden replied, "It may be."
Rep. Walden on Equifax: You can't legislate stupidity, but you can hold people accountable for it

If accounts on Equifax's website in Argentina used the generic username and password "admin," that is "just awful," the chair of the House Energy and Commerce Committee told CNBC on Thursday.

Researchers at Hold Security, a Milwaukee-based cybersecurity firm, found that after some guesswork, they were able to uncover personal employee information housed on Equifax's South American site. Their findings are not related to the Equifax breach in the United States.

"You can't stop stupidity. You can't legislate against it, but you can hold people accountable for it," Rep. Greg Walden, R-Ore., said in an interview with "Power Lunch."

Equifax told CNBC in a statement that it acted immediately to remedy the situation in Argentina, "which affected a limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions."

Walden chairs the committee that is holding a hearing on the massive data breach in the U.S., which could impact up to 143 million Americans. Equifax CEO Richard Smith is expected to testify before the committee at an Oct. 3 hearing.

"I want to know all the answers here. I want to ask all the questions, then we'll get to what the actions are going forward," Walden said.

When asked if it was a precursor to more regulation, he replied, "It may be."

However, he noted, in past cybersecurity hearings almost every witness has cautioned about overregulating. They have said it is too dynamic of a threat to lock into a statute and doing so could tie their hands and misallocate capital, Walden said.

While there are a lot of data breach issues to be addressed at the hearing, he said there are also the actions of some employees that need to be scrutinized.

Three Equifax executives sold shares worth nearly $2 million days after the breach was found, filings to the Securities and Exchange Commission showed.

"Company says they have no knowledge. Boy, the timing sure doesn't look good," Walden said.

The House investigation isn't the only probe into the data breach. The Federal Trade Commission said Thursday it's investigating what happened. And Senate Minority Leader Chuck Schumer also called for Equifax executives to agree to testify in the Senate.

Equifax shares have lost nearly a third of their value since Sept. 7, when the company reported the breach after market hours. The stock closed down more than 2 percent Thursday.

— CNBC's Thomas Franck, Liz Moyer, Todd Haselton and Yen Nee Lee contributed to this report.