The former Equifax CEO who left the company in disgrace after a massive security breach was peppered with critical questions during a congressional hearing.
The former Equifax CEO who left the company in disgrace after a massive security breach was peppered with critical questions Tuesday during a congressional hearing.
“It’s like the guards at Fort Knox forgot to lock the doors and failed to notice the thieves were emptying the vaults,” Republican Rep. Greg Walden of Oregon said, reports the Los Angeles Times. “How does this happen when so much is at stake? I don’t think we can pass a law that fixes stupid.”
Cyber criminals infiltrated the corporation’s website application earlier this year and leaked personal information such as names, birth dates, addresses, social security numbers and, for some, drivers licenses and credit card numbers.
Approximately 145.5 million people may have been impacted by the hacking of the credit reporting firm, according to Equifax.
Walden’s questions of frustration and bewilderment is just a glimpse into the roughly three-hour hearing presided over by Republicans and Democrats in the House Digital Commerce and Consumer Protection subcommittee.
“How could 225 professionals let a breach like this happen?” asked Democratic Rep. Gerald McNerney of California, according to USA Today.
One of the problems is that not all of Equifax’s large team may have been professionals, including the leaders. The now-dismissed chief security officer allegedly had a music composition degree, rather than a formal certificate in computer science, cybersecurity, or something pursuant to protecting virtual systems.
Former CEO Richard Smith pinned culpability not only on “human error,” but also on “technology errors.”
Equifax was alerted to a software security vulnerability back in March, but failed to patch it properly for months, Reuters reports. It also set up a website dedicated to helping customers find out if they were affected by the breach, but accidentally sent them to a phony site.
“You’re really only required to notify people and say, ‘So sorry, so sad,’” Republican Rep. Joe Barton said. “It seems to me you might pay more attention to security if you had to pay everybody who got hacked a couple thousand bucks or something.”
But voluntary or mandatory monetary compensation is likely out of the question for Equifax, since it originally wouldn’t help people unless they legally waived their right to a lawsuit — a stipulation found deep in the website in its general terms and conditions contract.
Nevertheless, Smith said “Equifax is committed to make it whole for you.” “I’m here today to say to each and every person affected by this breach: I am truly and deeply sorry for what happened,” Smith said, according to the Los Angeles Times.
The damage may already be done, though, as Democratic Rep. Debbie Dingell of Michigan explained.
“You can’t change your Social Security number and I can’t change my mother’s maiden name,” she said. “This data is out there forever.”
