Former Equifax chief apologizes to Congress over hack

Posted October 04, 2017

CEO Richard Smith apologized to the House Committee on Energy and Commerce on Tuesday for a massive data breach reported by the company this summer.

The company has issued an internal memo on march 9 to prevent a fault it detected the day before by the american authorities and to ask the technical teams of the fix, said Richard Smith, in a text published Monday on the eve of his hearing by the u.s. Congress.

The review adds about 2.5 million Americans to the list of those affected by the massive cyber attack, bringing the total number of people in the US potentially impacted to 145.5 million. On Thursday, the company announced a new, free service that will allow consumers to lock and unlock their credit information for life, starting next year.

He said the breach occurred because of "human error and technology failures".

Smith said hackers tapped sensitive information between mid-May and late-July. But for the first time, Smith acknowledged that the employee responsible for assigning a correction to that vulnerability failed to do so, even though that person knew the patch was needed. A more comprehensive service, a credit freeze, blocks access to credit files unless a consumer provides a personal identification number to the agency.

Additionally, Equifax says that an investigation into how many United Kingdom consumers were affected by the breach is being analyzed in the United Kingdom.

Check-in systems of some airlines at Changi Airport hit by technical glitch
Authorities say passengers at airports around the world have suffered some delays because of a problem with check-in systems. In a Facebook post, Changi Airport said the check-in process may take longer as manual boarding passes have to be issued.

Equifax faces legal claims in dozens of states over the breach, which exposed data including dates of birth, Social Security numbers and credit card information. Security experts have warned that the long-term consequences of the hack will be hard to fully discern. Not only did consumers feel exposed after learning that their sensitive information may have been stolen, but they also were angered by Equifax's bungled response. Tuesday, Smith appeared before the committee. The call center was understaffed, and a help website that the company put up had the trademarks of a phishing scam while offering little guidance as how to protect affected people, experts and consumers said.

Mr. Smith, who resigned last week, has also indicated that they have been informed of the piracy on July 31, but may not have been aware of the extent of the attack.

Equifax has also faced questions about why two of its executives sold large amounts of stock before the breach became public.

Latta says laws are already on the books that are created to ensure consumer data is secured safely.

Smith described the executives as "honorable men, men of integrity".

"This reemphasizes the need for data breach legislation, so there is a standard - so you don't have a company decide when they want to disclose when a breach has occurred", Warner said.