Former Equifax CEO Richard F. Smith said that he is "deeply sorry" for the Equifax data breach and detailed the company's remediation efforts.
In testimony before the U.S. House Committee on Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection, Mr. Smith, who resigned from his position on September 25, 2017, acknowledged that the data of 140 million consumers had been stolen from Equifax servers. He also acknowledged that the compromised data included names, social security numbers, birthdates, addresses and credit card information. Mr. Smith conceded that the Department of Homeland Security warned about a vulnerability in software used by Equifax on March 8, 2017, but the vulnerability was never addressed. As a result, between May 15 and July 30, attackers continuously accessed customers' private, personally identifiable information.
Equifax announced the breach on September 7. Mr. Smith stated that the company instituted remedial measures, including (i) a website for customers to determine whether they were affected by the breach, (ii) a call center to address customers' questions, and (iii) the development of identity protection and monitoring tools for customers. Mr. Smith said that the rollout of the remedial measures included various missteps, such as the accidental inclusion of a mandatory arbitration clause and understaffed call centers.
Mr. Smith asserted that cybersecurity issues have plagued various other companies and government agencies, and encouraged policymakers and corporations to remain vigilant about emerging cybersecurity issues.
Commentary / Joseph V. Moreno
Equifax will face scrutiny from shareholders, Congress, and the SEC not only on why this breach happened, but why it took nearly six weeks to disclose the intrusion...