Equifax's ex-CEO grilled on massive data breach


The House Committee on Energy and Commerce held a three-hour hearing to answer questions about this year's breach, which ran from mid-May to the end of July, when hackers obtained information on over 143 million people from Equifax, or about 44 percent of the U.S. population.

In the breach, which was first discovered in late July but not made public until several weeks later, hackers were able to obtain names, addresses, dates of birth, Social Security numbers and credit card numbers.

ZDNet has contacted Equifax for comment on the contract and will publish its response.

Equifax said Mandiant also found no evidence of unauthorized activity on databases located outside of the United States. But Equifax is offering free credit-monitoring services for one year and will unveil a new service next year allowing consumers to freeze and unfreeze their credit information at no charge for life.

Former Equifax CEO Richard Smith was put in front of a congressional committee hearing this week and apologized for the mistakes that led to the massive breach.

The company is responsible for the biggest data breach on record.

Despite the major breach, Equifax received a no-bid contract from the Internal Revenue Service (IRS) for fraud protection on October 4 that is worth about $7.25 million.

Just when consumers were coming to grips with the financial debacle that is the Equifax data breach, the number of people affected by it continues to soar. The company said it would update the database with the names of the additional millions of potentially affected consumers by October 8. A series of costly delays and crucial errors caused the company to remain unprotected for months against one of the most severe Web application vulnerabilities in years, he said.

The IRS told Politico that "following an internal review and an on-site visit with Equifax, the IRS believes the service Equifax provided does not pose a risk to IRS data or systems."

Smith stepped down as CEO last week, shortly after the company's chief security officer and chief information officer also exited the company. Businesses, academics and the federal government, he said, need to come up with a better universal identifier than Social Security numbers - some of the key information stolen.

The former CEO said the second cause of the attack was a failure of automated scanning conducted a week after the patch should have been applied.

Rep. Tony Cardenas, D-Calif., said he wants Equifax to provide a trail of the communication regarding the incident and its timeline.

Sen. Heidi Heitkamp, a Democrat from North Dakota, told Smith that Equifax should consider backing away from the agreement. "I take full responsibility," he said in opening remarks.

Since the breach, Equifax has been offering a credit lock to those affected, which would prevent the sale of information to other companies, though the information that was taken was kept in a portal that was not encrypted.