Lawmakers call Equifax response to breach inadequate

SHARE Lawmakers call Equifax response to breach inadequate
ap17276596015540.jpg

Former chairman and CEO of Equifax Richard F. Smith testifies before the Digital Commerce and Consumer Protection Subcommittee of the House Commerce Committee on Capitol Hill in Washington, Tuesday, Oct. 3, 2017. | AP Photo

WASHINGTON — House Republicans and Democrats on Tuesday lashed out at the former head of Equifax, demanding answers for the massive data breach that compromised the sensitive personal information of an estimated 145 million Americans.

Rep. Frank Pallone, D-N.J., said that if Equifax wants to stay in business, its entire corporate culture needs to change to one that values security and transparency.

“We want answers for consumers because Equifax’s response to this breach has been unacceptable,” said Pallone, the top Democrat of the House Energy and Commerce Committee.

Republican Rep. Greg Walden of Oregon, the committee’s chairman, said the hearing was necessary to do something that Equifax has failed to do in recent months: “Put Americans first.”

Former Equifax chairman and CEO Richard F. Smith testified before a House panel, the first of four hearings on Capitol Hill this week as Congress examines what went wrong. Smith was the only witness at the hearing. No current Equifax employee testified.

The sessions typically turn into a public shaming, and this year the Republican-led Congress has worked to ease government regulations on businesses.

“Equifax deserves to be shamed in this hearing. But we should also ask what Congress has done – or failed to do – to stop data breaches from occurring,” said Rep. Jan Schakowsky, D-Ill.

The revelation last month of the disastrous hack to Equifax’s computer system rocked the company which faces several state and federal inquiries and several class-action lawsuits. Smith said the company was cooperating with the FBI and state agencies.

Smith attributed the breach to human error and technological error, and said both errors have been addressed.

He also told lawmakers that when he first learned of the breach on July 31, company officials did not realize that personal information about consumers had been stolen. He described suspicious activity against the company’s database as routine. The public was notified of the breach on Sept. 7.

“As we all painfully learned, data security is a national security problem,” Smith told lawmakers.

He said no single company can solve the problem on its own and said a system was needed that would let consumers control access to their personal data.

“Let me close by saying how sorry I am for the breach,” Smith said.

Smith, who resigned after overseeing the company for a dozen years, says Equifax was hacked by a yet-unknown entity. He said the information stolen included names, Social Security numbers, birth dates and addresses. In addition, the credit card information for about 209,000 consumers was also stolen as well as certain documents with personally identifying information for approximately 182,000 consumers.

Smith said the Department of Homeland Security warned the company on March 8 about the need to patch a particular vulnerability in software used by Equifax and other businesses. The company disseminated that warning by email the next day and requested that applicable personnel install the upgrade. The company’s policy requires the upgrade to occur within 48 hours, but Smith said that did not occur. The company’s information security department also ran scans on March 15 that did not pick up the vulnerability.

Smith also said he was disappointed in the rollout of call centers and a website designed to help the people affected by the breach. He said the company has increased its number of customer service representatives and the website has been improved. He said more than 400 million consumers contacted the company in the weeks following the announcement of the breach. He said the company wasn’t prepared for that kind of volume.

“The scale of the reaction was unprecedented,” Smith said.

Rep. Ryan Costello, R-Pa., said hundreds of constituents have contacted his office with their concerns about the breach and the company’s response.

“The slow rollout and how poor it was done. To me, it was just inexcusable,” Costello said.

Several Democratic lawmakers on the committee signed on to legislation that they said would establish data security standards that companies would have to follow and require prompt notification of consumers of the breach. Comparable legislation in past congressional sessions has failed to gain significant traction.

The Latest
Despite getting into foul trouble, which limited him to just six minutes in the second half, Shannon finished with 29 points, five rebounds and two assists.
Cowboy hats, bell-bottoms and boots were on full display Thursday night as fans lined up for the first of his three sold-out shows.
The incident occurred about 3:40 p.m. near Minooka. The horse was successfully placed back into the trailer, and the highway reopened about 40 minutes later. No injuries were reported.
The Hawks conceded the game’s only two goals within the first seven minutes and were shut out for the 12th time this season in a 2-0 defeat Thursday.