Former Equifax chief will face questions from U.S. Congress over hack

2017 10 03T040807Z 1 LYNXNPED9206J RTROPTP 0 EQUIFAX CYBER FTC 1 - Former Equifax chief will face questions from U.S. Congress over hack
FILE PHOTO: Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell/File Photo

October 3, 2017

By John McCrank and David Shepardson

WASHINGTON (Reuters) – U.S. lawmakers are due to question the former head of Equifax Inc <EFX.N> at a Tuesday hearing that could shed light on how hackers accessed the personal data of more than 140 million consumers.

Richard Smith retired last week but the 57-year-old executive will answer for the breach that the credit bureau acknowledged in early September.

Late Monday, Equifax said an independent review had boosted the number of potentially affected U.S. consumers by 2.5 million to 145.5 million.

In March, the U.S. Homeland Security Department alerted Equifax to an online gap in security but the company did nothing, said Smith.

“The vulnerability remained in an Equifax web application much longer than it should have,” Smith said in remarks prepared for delivery on Tuesday. “I am here today to apologize to the American people myself.”

Smith will face the House Energy and Commerce Committee on Tuesday but there will be three more such hearings this week.

Equifax keeps a trove of consumer data for banks and other creditors who want to know whether a customer is likely to default.

The cyber-hack has been a calamity for Equifax which has lost roughly a quarter of its stock market value and seen several top executives step down alongside Smith.

Smith’s replacement, Paulino do Rego Barros Jr., has also apologized for the hack and said the company will help customers freeze their credit records and monitor any misuse.

There has been a public outcry about the breech but no more than 3.0 percent of consumers have frozen their credit reports, according to research firm Gartner, Inc.

Smith said hackers tapped sensitive information between mid-May and late-July.

Security personnel noticed suspicious activity on July 29 and disabled web application a day later, ending the hacking, Smith said. He said he was alerted the following day, but was not aware of the scope of the stolen data.

On Aug. 2, the company alerted the FBI and retained a law firm and consulting firm to provide advice. Smith notified the board’s lead director on Aug. 22.

(Patrick Rucker contributed from Washington; editing by Clive McKeef.)

Source link

from CapitalistHQ.com http://ift.tt/2fGj1FY

This entry was posted in news and tagged , , , . Bookmark the permalink.