Former Equifax chief apologizes to Congress over hack

WASHINGTON (Reuters) – The former head of Equifax Inc (EFX.N) apologized repeatedly on Tuesday at a congressional hearing for the theft of millions of people’s personal data in a hacking breach, saying it took weeks for the credit bureau to understand the extent of the intrusion.

Richard Smith retired last week but the 57-year-old executive led the company over the time of the hack, which Equifax acknowledged in early September.

Late on Monday, Equifax said an independent review had increased the estimate of potentially affected U.S. consumers by 2.5 million to 145.5 million.

In March, the U.S. Department of Homeland Security alerted Equifax to an online gap in security but the company did nothing, said Smith.

“The vulnerability remained in an Equifax web application much longer than it should have,” Smith said. “I am here today to apologize to the American people myself.”

Equifax keeps a trove of consumer data for banks and other creditors who want to know whether a customer is likely to default.

Former Republican Senator Saxby Chambliss checks his watch as he and City of Pasadena Councilmember Steve Madison stand with Richard Smith, former chairman and CEO of Equifax Inc., prior to Smith’s testimony before House Energy and Commerce hearing on “Oversight of the Equifax Data Breach: Answers for Consumers” on Capitol Hill in Washington, U.S., October 3, 2017. REUTERS/Kevin Lamarque

Smith said both technology and human error opened the company’s system to the cyber hack, which has been a calamity for Equifax, costing it about a quarter of its stock market value and leading several top executives to depart.

A company employee failed to tell the information team a software vulnerability that hackers could exploit should be fixed, Smith said. Then, a later system scan did not uncover the weak point.

Slideshow (3 Images)

Smith said he was notified on July 31 that “suspicious activity had occurred,” after security personnel had already disabled the web application and shut down the hacking. He said he only learned in the middle of August the scope of the stolen data.

On Aug. 2, the company alerted the Federal Bureau of Investigation and retained a law firm and consulting firm to provide advice. Smith notified the board’s lead director on Aug. 22.

That timing could help lift suspicions that three executives who sold stock on the first two days of August illegally used insider knowledge of the hack. Smith said the three “honorable men” did not know about the breach at that time.

Smith deferred to the FBI on questions of whether the hack had been sponsored by a nation-state.

“It’s possible,” he said when asked if the hackers were from another country.

Writing by Lisa Lambert and Patrick Rucker; Editing by Clive McKeef and Bill Rigby

Our Standards:The Thomson Reuters Trust Principles.

Tech

Why the former CIO of Gap moved from clothes to cloud

One Big Bang digital transformation was enough for Tom Keiser. After overhauling legacy IT systems and updating ecommerce platforms, the former Gap CIO has joined SaaS provider Zendesk as its first CIO. The move comes more than a year after leaving the apparel retailer. Now Keiser will build out IT, security and data analytics capabilities for a cloud service provider seeking to top $ 1 billion in revenues by 2020.

Zendesk founder and CEO Mikkel Svane told CIO.com via email that he hired Keiser for the wealth of “enterprise technology and operations experience” he brings to a company that is entering its next stage of growth. Zendesk, which has expanded to more than 1,400 employees from fewer than 800 a year ago, sells customer service software for ecommerce call centers and help desk tools to support enterprises’ trouble-shooting needs.

To read this article in full or to leave a comment, please click here

CIO Cloud Computing