The District of Columbia's attorney general told CNBC on Monday that an immediate bipartisan effort is underway to understand how Equifax's massive data breach happened, and the credit reporting company has been responsive.
"We all really don't have a handle of all that happened," Karl Racine said on "Squawk on the Street." "What appears to have happened is that Equifax appears to have received a software of security patch notice that essentially told it that it is very important to update its software."
Racine said it seems that notice happened sometime in March and it is unclear whether Equifax took action.
"It is important in these data breach cases that when companies are alerted to the need for additional security, that they have a process and protocol in place to do just that," he said.
Equifax revealed on Sept. 7 that a data hack could potentially affect 143 million consumers in the U.S. The company said it discovered the intrusion July 29. Nearly 40 states are looking into the Equifax hack.
More half the residents in D.C., including Racine, had their security breached, the attorney general said. He urged all Americans who could be affected to check their accounts on a regular basis. The district and a counsel for Equifax are expected to meet later Monday afternoon, he added.
"We certainly hope that Equifax is going to be transparent," Racine said.
Equifax CEO Richard Smith is expected to testify Oct. 3 before a House panel, and Sen. Elizabeth Warren, D-Mass., has begun an investigation. Along with 11 other fellow Democratic senators, she also plans to introduce a bill to give consumers the ability to place a security freeze on their credit accounts for free.
In a statement to CNBC, an Equifax spokesperson said in part: "We cannot comment on pending litigation, but want to reassure consumers that we are remaining focused on helping them to navigate this situation and providing the best customer support possible."