Economy

Former Equifax CEO blames lone IT staffer for data breach

Former Equifax CEO blames lone IT staffer for data breach

And it's unclear if Equifax will put in any stipulations like asking you to give up your right to sue the company over the data breach.

It wouldn't be until August 15 that he first heard that data like Social Security numbers, credit card numbers, addresses, and driver's license numbers were in the trove of information siphoned off by the digital burglars.

In another exchange, Smith said he had "no indication of a breach" prior to the date of the stock sales, only of "suspicious activity".

The former Equifax CEO who left the company in disgrace after a massive security breach was peppered with critical questions Tuesday during a congressional hearing.

Representative Frank Pallone Jr., Democrat of New Jersey, called for Congress to pass legislation that would do more to protect consumers whose personal data is stolen in such breaches.

The Internal Revenue Service signed a $7.25 million contract with Equifax on September 29.

In part of the ongoing investigation into the Equifax security breach, private security firm Mandiant has finished its first round of forensic data collection and analysis.

Equifax will alert the additional potentially affected consumers by mail. Smith announced that the company will release an application on January 31, 2018, that will allow consumers to lock and unlock their credit data on demand.

Former Equifax CEO blames lone IT staffer for data breach
Former Equifax CEO blames lone IT staffer for data breach

In July, after the IRS made a decision to replace Equifax with another company's successful bid, Equifax challenged the procurement.

Smith, who stepped down from the company last week, told Scott that the executives followed protocol.

That includes Social Security numbers, birthdates, credit history and much more. "I take full responsibility", he said in opening remarks.

Mr. Smith, who resigned last week, has also indicated that they have been informed of the piracy on July 31, but may not have been aware of the extent of the attack.

After the Department of Homeland Security sent out a notification in March about the need to patch a particular Apache Struts software vulnerability, the individual within Equifax responsible for communicating that information to the Equifax patch team failed to do so, Smith testified.

"I'm truly and deeply sorry for what happened", Smith said at the start of his testimony to a House Energy and Commerce subcommittee. "As far as protection to the consumer, as far as ability to lock and unlock as opposed to freeze and unfreeze, the lock is far more consumer friendly", Smith said.

Just because your resume says you exposed the personal data, including Social Security numbers, of some 143 million Americans while practicing unsafe security, it doesn't mean you can't score a multi-million dollar contract with the Internal Revenue Service.

"A constituent pointed out to me it would be wrong to call the victims of this breach Equifax customers, and he asks why he's been impacted in this manner", Congressman Paul Tonko, R-NY, said.

More news: New Jersey to send 1100 to help Puerto Rico with Maria