The massive data breach has also led to a number of high-profile departures at the Atlanta-based consumer credit reporting agency, including its chief executive, chief information officer and chief security officer.
"It seem to me you've accomplished something no one else has been able to accomplish: you've brought Democrats and Republicans together in outrage and frustration over what's happened", Anna Eshoo, a California Democrat, told Smith towards the end of his three-hour testimony, the first of four hearings he is scheduled to attend this week.
Equifax first notified the public of the security breach on September 7, though it said the unauthorized access is thought to have happened from May 13 to July 30, with Equifax's security team catching the hack on July 29.
Smith said he was disappointed in the rollout of call centers and a website created to help the people affected by the breach. A more comprehensive service, a credit freeze, blocks access to credit files unless a consumer provides a personal identification number to the agency.
Smith says that while the company was aware of suspicious activity by potential hackers, there was no indication that data had been removed from the system.
Additionally, Equifax says that an investigation into how many United Kingdom consumers were affected by the breach is being analyzed in the United Kingdom.
The information stolen included names, Social Security numbers, birth dates and addresses. Security experts have said that the ripple effects will be felt for years to come and that the ultimate costs are hard to discern.
That didn't stop the committee from thrashing Smith and Equifax's failure to protect user data.
Smith also said Equifax was "disappointed" with the rollout of a special website and call centers to deal with the fallout from the breach.
- Separately, the administration of President Donald Trump is considering replacing the use of Social Security numbers as personal identifiers in the wake of the Equifax hack, White House cyber-security coordinator Rob Joyce said at a conference on October 3, Bloomberg reported.
That timing could help lift suspicions that three executives who sold stock on the first two days of August illegally used insider knowledge of the hack.
Smith described the executives as "honorable men, men of integrity".
"It's time we change the paradigm of who controls and who accesses credit data", he said. USA companies and government agencies have disclosed 1,022 breaches this year, according to the Identity Theft Resource Center.