(Reuters) — The U.S. Federal Trade Commission said on Thursday it was investigating Equifax Inc’s massive data breach, a rare public confirmation, as a top Democrat suggested the credit-monitoring company’s corporate leaders might need to resign.
Senate Democratic Leader Chuck Schumer also compared Equifax to Enron, a U.S. energy company that was consumed in scandal after revealing in 2001 that it engaged in widespread accounting fraud.
“It’s one of the most egregious examples of corporate malfeasances since Enron,” Schumer said, calling Equifax’s treatment of consumers afterward “disgusting” and its inability to protect data “deeply troubling.”
Shares of Equifax have lost nearly a third of their value in the week since the breach was disclosed. They tumbled to a more than two-year low on Thursday after the company confirmed a fixable web server vulnerability was exploited in the hack, but the stock later recovered somewhat.
“The FTC typically does not comment on ongoing investigations,” spokesman Peter Kaplan said in a brief email statement. “However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach.”
Schumer said Equifax’s chief executive officer and board might need to resign if the company does not take concrete steps within the next week to protect consumers and agree to testify before lawmakers and federal regulators.
“We need to get to the bottom of this — the very bottom, the murky bottom, the dirty bottom,” he added.
Equifax CEO Richard Smith has agreed to testify on Oct. 3 before a U.S. House of Representatives panel, the company said Thursday.
Confirming what many cyber security experts expected, Equifax said late on Wednesday that hackers used a flaw in its open-source Struts software, distributed by the nonprofit Apache Software Foundation, to break into its systems. A patch for the vulnerability was issued in March, two months before Equifax said hackers began siphoning data.
Equifax representatives did not immediately respond to requests for comment on the FTC probe.
The company disclosed the breach on Sept. 7, saying thieves may have stolen the personal information of 143 million Americans in one of the largest hacks ever. It learned of the hacking on July 29.
Nearly 40 states have joined a probe of Equifax’s handling of the breach.