Former Equifax CEO blames breach on one IT employee

Equifax Announces Cybersecurity Firm Has Concluded Forensic Investigation Of Cybersecurity Incident | Equifax

Mandiant, which was retained to carry out the investigation after Equifax first discovered the breach, found that an additional 2.5 million Americans were impacted, bringing the total to 145.5 million.

Tuesday's committee hearing begins three days of inquiry into how Equifax managed to compromise the data of millions of Americans.

In prepared testimony published Monday, Smith said that he "was ultimately responsible for what happened" on his watch and that Equifax let consumers down.

Smith floundered when asked if he knew there was personally identifiable information (PII) stolen as a result of the breach on August 17-the same date that he gave a speech at a college in which he called fraud a "a huge opportunity for Equifax", and said it was a "massive, growing business for us".

Equifax has also faced questions about why two of its executives sold large amounts of stock before the breach became public. But, Smith said, due to "human error" by an unnamed person, the patch wasn't applied.

As more of the facts are revealed about the Equifax hack, many Americans are wondering what recourse they will have and whether the government will step in to help protect their personal data, especially when it's gathered without their explicit consent by companies like Equifax.

Latta says laws are already on the books that are created to ensure consumer data is secured safely.

Smith said the vulnerability was discussed by the company's computer emergency response team (CERT) on 8 March this year.

Troy Aikman impressed with Dak Prescott's leadership in last week's win
Through the first month of the 2017 season, perhaps no team has more thoroughly surpassed expectations than the Los Angeles Rams . Los Angeles has a young, high powered offense that can absolutely air the ball out. "We're sick that we lost the game".

Smith made a decision to talk during a livestream for the Digital Commerce and Consumer Protection subcommittee of the House Energy and Commerce committee. Companies should be required to tell people when hacks happen, be held to security standards with penalties to back them up, and cover costs when its customers who pay.

The feature on the website that USA consumers may use to determine whether they may have been impacted will be updated to reflect the additional potentially impacted US consumers discussed in this release by no later than October 8.

Additionally, Equifax says that an investigation into how many United Kingdom consumers were affected by the breach is being analyzed in the United Kingdom. But the "vulnerable versions" of the software were not identified or patched, Smith said.

Share with Us - We'd love to hear eyewitness accounts, the history behind an article, and smart, constructive criticism.

Smith said the company had otherwise followed its protocol of distributing information on necessary patches and that in the case of CVE-2017-5638 its procedures were observed, except by the individual mentioned above.

During the hearing, Smith said "Equifax is committed to make it whole" for consumers impacted by the cyber attack.

"I apologize to the individual who wrote you that letter". "This is unlike other breaches at stores such as Target and Michaels, where consumers could make a choice and change their shopping habits if they were upset with how the companies protected data".

The company has since offered free credit locking services for those affected by the breach, but lawmakers have questioned whether Equifax was equipped handle the influx of consumer queries about their data.

Related:

Comments


Other news