Former Equifax CEO Testifies Before Subcommittee
Former Equifax CEO Richard Smith appeared before the House Digital Commerce and Consumer Protection Subcommittee about its data breach. Initially, Equifax estimated the data breach impacted 143 million US consumers and an additional 200, 000 United Kingdom and Canadian consumers. However, that number was increased just a day ago. Equifax underestimated the number of people affected by the data privacy breach in the United States. Corporate representatives now states that an additional 2.5 million customers were also affected.
Equifax is one three credit reporting companies in the US and is a publicly traded company. As part of doing business, Equifax accesses and stores data such as birthdates, income, Social Security numbers, birth dates, addresses, bank information, and credit card information.
“How could 225 professionals let a breach like this happen?” asked Rep. Gerald McNearney (D-Calif.)
Mandiant, a forensic security firm, was hired to determine the cause and what data was hacked by the breach. The Mandiant investigation revealed that Equifax was overdue to update some of its cyber security software – called Apache Struts. Equifax did not update its software before the hackers gained access to their IT system. Although the notification to patch their software was delivered a week before the hack data began, it was not installed in time. In addition, It was another two months before the hackers were discovered.
Richard Smith was a 12-year employee of Equifax. Smith claims that he built up their cyber security team to what it is today