Lawmakers grill former Equifax CEO

Wednesday, 04 Oct, 2017

That was the data pool hacked over the summer through an unpatched Apache Struts vulnerability, resulting in the theft of data on over 145 million people, mainly Americans, but also 8,000 Canadians and 100,000 in the United Kingdom. Smith didn't note who the individual was, but said the person who knew the patch needed to be applied did not communicate with the team that does the patching about the vulnerability.

"Mr. Smith, it seems to me that you've accomplished something that no one else has been able to accomplish", said Rep. Anna Eshoo (D-Calif.). Equifax can't yank back our data from the hackers, who stole it after the company failed to do its job of protecting our information.

Equifax sent emails about the federal warning to workers responsible for the software, which is used in the company's consumer online disputes portal.

The breach went undetected until July.

The news follows the security firm's bungling of promoting a consumer help website,, where people could check to see if their personal information had been stolen. The next day Equifax's security team was notified by email.

"I want to apologize again to all impacted consumers".

But under questioning from lawmakers, he refused to commit Equifax to making whole any people who were financially harmed as a result of the breach. Smith resigned last week amid backlash over the company's handling of the breach.

An Ontario resident files a proposed class action in the province, seeking $550 million in damages from Equifax, according to Toronto-based law firm Sotos LLP.

While many high-profile companies have suffered damaging data breaches, the Equifax hack stands out because of the company's sprawling influence on American commerce.

The Federal Trade Commission says it is opening an investigation into the hack.

"Equifax was entrusted with Americans' private data and we let them down", Richard Smith said in written testimony for the hearing that the House Energy and Commerce Committee released Monday.

The Office of the Privacy Commissioner of Canada launches investigation into the breach. Their businesses and deals keep going despite major breaches that affect the consumer data that make up their products, and the only response is congressional grandstanding.

Eschoo also wanted to bring in former Chief Information Officer Dave Webb, who also retired from Equifax last month, saying, "I don't think that this is resolved". Both are replaced with internal employees on an interim basis effective immediately.

The three big credit rating agencies - Equifax, Experian, and TransUnion - aggregate data into credit reports and scores that financial institutions use to evaluate how risky it is to lend money to an individual. He didn't inquire whether personal data was stolen and insisted that at that time there was no indication of a breach.

One crucial event the former CEO left out of his timeline of events was the August 1 and August 2 sale of approximately $1.8 million worth of Equifax stock by three executives, just after the chief executive was made aware of the "suspicious activity".