With lawyers from King & Spalding sitting behind him Tuesday, former Equifax Inc. chief executive Richard Smith recounted to a U.S. House panel how his credit bureau turned to the law firm within 48 hours of learning about the data breach that compromised the personal information of nearly half the U.S. population.
As Equifax now navigates the halls of Congress to contain the fallout over one of the largest breaches in U.S. history, its go-to firm has not been the only one by the company’s side. Lawyers from DLA Piper, a firm that was itself the victim of a hack this year, are also helping to guide Equifax through the data breach scandal. Additionally, Susan Estrich of Quinn Emanuel Urquhart & Sullivan represents Smith in his personal capacity.
Seated prominently behind Smith was former U.S. Sen. Saxby Chambliss, who joined DLA Piper as a partner in January 2015 after serving four terms in the House followed by two terms representing Georgia in the Senate. A few rows behind Chambliss was Ignacio Sanchez, chairman of DLA Piper’s government affairs practice group, who had previously attended at least one Capitol Hill briefing on the breach.
King & Spalding partners Phyllis Sumner and Ted Hester were also spotted in the hearing rooms Tuesday and Wednesday. Sumner is leading Equifax’s defense against the tide of class actions. Hester is a senior partner in King & Spalding’s government advocacy practice in Washington. Estrich was also in the hearing rooms with Smith on Wednesday.
Chambliss and Sanchez both declined to discuss their representation of Equifax following Wednesday’s hearing.
According to U.S. Senate disclosure forms, Sanchez lobbied in 2015 for Experian, a rival credit reporting agency, on legislation involving breach notification and cybersecurity. A lobbying disclosure for the final three months of 2015 stated that Sanchez is “no longer expected to act as a lobbyist” for Experian. More recently, Sanchez has lobbied for Apple Inc. and The Coca-Cola Company.
A spokesman for DLA Piper did not respond to a request for comment, and an Equifax spokesperson declined to comment.
DLA Piper brings a unique perspective to its work for Equifax. The firm, one of the largest in the world, recently suffered a cyber attack—one that could cost the firme millions of dollars.
The breach, however, was of a different sort. In June, phones and computers were knocked out across the firm by an apparent ransomware intrusion similar to the so-called WannaCry attack that crippled the National Health Service in Great Britain. A recent report showed there were some 200 computer attacks on U.S. law firms in the last couple of years.
Equifax faces no shortage of challenges in the weeks ahead, from court—where class actions piled up within days—to federal agency investigations and calls on Capitol Hill for greater oversight of the industry. The Wall Street Journal this week said the hack has generated scrutiny of Equifax’s general counsel, John Kelley, who oversaw security.
Smith abruptly retired last week amid the storm of criticism of Equifax. Still, Democratic U.S. senators demanded he come before the committee and address the credit reporting agency’s data breach. Lawmakers also raised the possibility of Equifax clawing back a portion of Smith’s compensation, which includes a pension valued at $18.4 million as of the end of last year.
“I’ve called for Equifax executives to be held accountable for their role in failing to stop this data breach and hiding it from the public for forty days. It’s not real accountability if the CEO resigns without giving back a nickel in pay and without publicly answering questions,” said U.S. Sen. Elizabeth Warren, D-Massachusetts. “Mr. Smith, along with the new chairman and the new interim CEO, should all testify before the Senate Banking Committee. The American public deserves answers about what went wrong at Equifax and what the company plans to do going forward.”
Meanwhile, U.S. regulators are stepping up pressure outside the halls of Congress. Richard Cordray, director of the Consumer Financial Protection Bureau, said Equifax, Experian and TransUnion should all have embedded regulators to prevent the recurrence of a massive data breach.
On the state regulatory front, the New York Department of Financial Services has issued a subpoena that demands Equifax turn over more information about the data breach, Reuters reported. New York Attorney General Eric Schneiderman has opened an investigation days after Equifax publicly disclosed the data breach.