Equifax hack even worse than predicted

Equifax hack even worse than predicted

Equifax hack even worse than predicted

On March 8, Atlanta-based Equifax received an urgent notice from the U.S. Department of Homeland Security.

Newly identified victims won't be able to find out that they were affected by the breach for up to five more days.

The Equifax breach might have been state-sponsored, but it is still too early to say who might be behind it. "You're just required to notify everybody and say, 'So sorry, so sad, '" Rep. Joe Barton told Smith.

But in this case, it wasn't.

Equifax first publicly announced on September 7 that it was the victim of a data breach that exposed personally identifiable information on 143 million Americans.

Smith's prepared remarks were released Monday in advance of his appearance at the House Energy and Commerce Committee on Tuesday. This now brings the total number of affected Americans to 145.5 million who have had sensitive information such as addresses, birth dates, phone numbers, and social security numbers exposed to hackers.

Smith also said Equifax was "disappointed" with the rollout of a special website and call centers to deal with the fallout from the breach.

Equifax cut off the attackers at that point and began an investigation, but it did not grasp the scale of the theft - including the discovery that consumers' personal information had been breached - until mid-August. King & Spalding is among the law firms handling legal issues related to the hack that may have affected 143 million people. "This breach has impacted all of them. It has impacted all of us", he wrote. Equifax said last month that the still-unidentified attackers gained an initial hold in the network by exploiting the critical Apache Struts vulnerability.

Smith stepped down as CEO three weeks after the breach was announced to the public.

The Equifax hacking sparked widespread outrage, as well as bipartisan demands for more information from the company on how the security debacle happened and what steps the company is taking to handle the fallout.

The company previously estimated that some 100,000 Canadians could have had their personal information compromised before a forensic review by cybersecurity firm Mandiant found the actual number to be much lower. That day, Equifax also alerted the Federal Bureau of Investigation.

Equifax has revealed that its massive data breach is even larger than originally thought.

"Giving consumers more control of their data is a start, but is not a full solution in a world where the threats are always evolving", said Smith.

Smith apologized numerous times throughout the hearing for the breach and said it was the result of "human error and technological error". Smith notified the board's lead director on August 22.

In a move that could put pressure on the other two major credit bureaus, Experian and TransUnion, to offer similar life-long freezes, Barros said Equifax plans to offer a free service by January 31 that will "let consumers easily lock and unlock access to their Equifax credit files". But Equifax is offering free credit-monitoring services for one year and will unveil a new service next year allowing consumers to freeze and unfreeze their credit information at no charge for life.

Equifax later removed the binding arbitration clause from the service, and Smith said its inclusion was a mistake.

In another exchange, Smith said he had "no indication of a breach" prior to the date of the stock sales, only of "suspicious activity".

Related news