He said the breach occurred because of “human error and technology failures”.
Advertisement
“I think it was within 24 hours we removed that and tried to clarify that”, Smith said. The company “struggled with the initial effort” to help consumers, he said. But he gave them credit on one count.
Smith stepped down as chief executive of Equifax last month after it was reported that hackers broke into the credit-reporting agency and made off with the personal information of almost 145 million Americans. Consumers don’t have the ability to remove their information from Equifax’s databases because it’s furnished by banks and telecommunications companies.
Tuesday’s hearing was the first of four this week. It’s one of the offers Equifax has made in the wake of the breach. Trouble is, the software provider supplied a patch back in March that should have eliminated that vulnerability.
Smith says that while the company was aware of suspicious activity by potential hackers, there was no indication that data had been removed from the system. Despite learning of the breach in late July, the company waited more than 40 days to notify the public, a fact that incensed several of the lawmakers.
Shapiro has criticized Equifax for waiting six weeks to let the public know about the breach.
Federal prosecutors are examining the stock sales by Equifax Chief Financial Officer John Gamble, Joseph Loughran, president of the company’s information solutions division, and Rodolfo Ploder, president of the firm’s workforce solutions unit. He was expected to face bipartisan anger from politicians who have expressed outrage that a company tasked with securing vast amounts of personal data was unable to keep their security software up to date.
By focusing that investigation on top executives, Wyden hopes to send a powerful message to others.
For Equifax, the inquisition is far from over.
His appearance Tuesday before the House panel will be the first of three before congressional committees this week.
– The deadline to sign up for a free credit freeze – different from a lock – has also been extended to the end of January.
“We could have this hearing every year from now on if we don’t do something to change the current system”, Rep. Barton (R-Texas) said.
The contract stated that Equifax was the only company capable of providing these services to the IRS, and it was deemed a “critical” service that couldn’t lapse.
Some members of the committee floated the possibility of regulations on companies to punish them if they suffer a data breach and to provide consumers with more recourse if they are affected by the mistake of an organization-especially in a case like Equifax, in which many consumers did not willingly provide the stolen data to the company. “Our priorities are transparency and improving support for consumers”.
“Of course, breaches will continue to occur, but they occur more often when there is no accountability and when no preventative measures are in place”, Pallone said.
While he hasn’t worked out the specifics, he estimated the consumers could be compensated in the order of $5,000 to $10,000.
Others said different rules would not have been enough to prevent this hack.
“We made substantial investments over that time frame. My God, they’d protect that data”. “We do have a lot of data and our primary role is to protect that data”.
This type of delayed disclosure isn’t surprising at this point, since Equifax also added to its own mind-blowing total of breached records just the day before.
Initially, Equifax asked consumers to waive their rights to sue, to get credit protection.
“I apologize to the individual who wrote you that letter”. He responded: “You’ll have the ability to control who accesses and when they access your data”.
Advertisement
Both sides of the aisle in Washington need to get together to regulate the credit agencies.
