Former Equifax CEO Richard Smith (now retired) can expect a serious grilling this morning as he faces a congressional hearing into the utter farce surrounding the company's gross mishandling (and potential insider trading) of a cyber-security breach which has left almost 150 million people at risk.

As The Washington Post reports, some lawmakers plan to not only grill the embattled credit reporting agency but also to cue up a fight for tighter data security standards that they and consumer advocates have long wanted.

The hearings, which begin Tuesday and are expected to stretch for three days across the House and Senate, will be a fact-finding mission — one peppered with public reprimands and calls for sweeping improvements. Lawmakers said that they want to hold Equifax accountable for what they've described as glaring security lapses, a limp response to widespread outrage and possible insider trading.

“Certainly Equifax deserves public shaming,” said Rep. Jan Schakowsky (Ill.), the top Democrat on the Digital Commerce and Consumer Protection subcommittee, the House panel holding the first hearing.

“We as members of Congress have an obligation to express our deep dissatisfaction with the company. In addition, we want to get to the bottom of this.”

“This unprecedented cyberattack raises serious questions about the security of consumers’ personal information online,” said Rep. Robert E. Latta (R-Ohio), who oversees the Digital Commerce subcommittee.

“This reemphasizes the need for data breach legislation, so there is a standard — so you don't have a company decide when they want to disclose when a breach has occurred,” said Sen. Mark R. Warner (Va.).

Grab your popcorn:

In prepared testimony published Monday former Equifax chief executive Richard Smith said he "was ultimately responsible for what happened" on his watch and that the company let consumers down.

 Smith said that the intruders were able to penetrate the company's network by exploiting a vulnerability that had been known for months, but which Equifax failed to patch, despite an internal email alerting staff. Later, scans by Equifax's information security department should have detected the particular vulnerability that was left uncorrected, Smith said, but failed to do so. Smith also revealed that he didn't learn sensitive consumer information had likely been stolen until two weeks after suspicious activity had been detected. It took an additional ten days after that until the board of directors was informed of the breach.

Full Prepare Remarks below...

And finally, here is the full background briefing...