The root of Equifax's breach was "human and technology failures" involving unpatched vulnerabilities in open source Apache Struts software, Smith testified. In addition to the hearings, the hack has prompted state attorneys general and several federal agencies to examine the data breach and the company's response. Hackers stole Social Security numbers, birth dates and addresses, and in some instances driver's license numbers.
The contract says Equifax was the only company capable of providing the services, and it was deemed a "critical" service that couldn't lapse. "As the p. -d. g., I was, in the end, responsible for what happened under my direction".
The statement said the cybersecurity firm Mandiant made the new estimate after a forensic review of the incident, which is believed to be one of the worst breaches because of the sensitivity of data leaked.
Smith stepped down as CEO last week, shortly after the company's chief security officer and chief information officer also exited the company. Then, even more incredibly, it didn't make the incident public until September 7. No current Equifax employees testified at the hearing.
Although Equifax stopped selling credit monitoring directly to consumers after the data breach was announced, the free credit monitoring and identity theft protection it is currently offering will be free for only a year, Smith confirmed at the Equifax hearing.
Schakowsky and other members of the Energy and Commerce Committee also have reintroduced the Secure and Protect Americans' Data Act following the breach.
"A gold mine for hackers should be a digital Fort Knox when it comes to security", Brown said.
Kelly's role in approving the stock sales, which Smith said was a company requirement before executive shares could be sold, prompted Rep.
Equifax said it was still determining the extent of the breach for United Kingdom consumers.
Representatives from both parties questioned Smith for almost three hours on his role at the credit reporting agency and indicated that tighter data security standards are long overdue.
"We've got to change this industry before more consumers get hurt", she said.
Equifax keeps a trove of consumer data for banks and other creditors who want to know whether a customer is likely to default.
"We're a vital part to the global economy", Smith said. He said an internal investigation ensued and he was alerted the next day, but he had no knowledge at that time that consumers' personal information had been accessed.
The database breached was the consumer dispute portal, the system for consumers to dispute activity with the company.
"It would be a paradigm-shift for the consumer", Smith said.