Former Equifax chief apologizes to Congress over hack

WASHINGTON (Reuters) – The former head of Equifax Inc (EFX.N) apologized repeatedly on Tuesday at a congressional hearing for the theft of millions of people’s personal data in a hacking breach, saying it took weeks for the credit bureau to understand the extent of the intrusion.

Richard Smith retired last week but the 57-year-old executive led the company over the time of the hack, which Equifax acknowledged in early September.

Late on Monday, Equifax said an independent review had increased the estimate of potentially affected U.S. consumers by 2.5 million to 145.5 million.

In March, the U.S. Department of Homeland Security alerted Equifax to an online gap in security but the company did nothing, said Smith.

“The vulnerability remained in an Equifax web application much longer than it should have,” Smith said. “I am here today to apologize to the American people myself.”

Equifax keeps a trove of consumer data for banks and other creditors who want to know whether a customer is likely to default.

Former Republican Senator Saxby Chambliss checks his watch as he and City of Pasadena Councilmember Steve Madison stand with Richard Smith, former chairman and CEO of Equifax Inc., prior to Smith’s testimony before House Energy and Commerce hearing on “Oversight of the Equifax Data Breach: Answers for Consumers” on Capitol Hill in Washington, U.S., October 3, 2017. REUTERS/Kevin Lamarque

Smith said both technology and human error opened the company’s system to the cyber hack, which has been a calamity for Equifax, costing it about a quarter of its stock market value and leading several top executives to depart.

A company employee failed to tell the information team a software vulnerability that hackers could exploit should be fixed, Smith said. Then, a later system scan did not uncover the weak point.

Slideshow (3 Images)

Smith said he was notified on July 31 that “suspicious activity had occurred,” after security personnel had already disabled the web application and shut down the hacking. He said he only learned in the middle of August the scope of the stolen data.

On Aug. 2, the company alerted the Federal Bureau of Investigation and retained a law firm and consulting firm to provide advice. Smith notified the board’s lead director on Aug. 22.

That timing could help lift suspicions that three executives who sold stock on the first two days of August illegally used insider knowledge of the hack. Smith said the three “honorable men” did not know about the breach at that time.

Smith deferred to the FBI on questions of whether the hack had been sponsored by a nation-state.

“It’s possible,” he said when asked if the hackers were from another country.

Writing by Lisa Lambert and Patrick Rucker; Editing by Clive McKeef and Bill Rigby

Our Standards:The Thomson Reuters Trust Principles.

Tech

Former Equifax chief will face questions from U.S. Congress over hack

WASHINGTON (Reuters) – U.S. lawmakers are due to question the former head of Equifax Inc (EFX.N) at a Tuesday hearing that could shed light on how hackers accessed the personal data of more than 140 million consumers.

Richard Smith retired last week but the 57-year-old executive will answer for the breach that the credit bureau acknowledged in early September.

Late Monday, Equifax said an independent review had boosted the number of potentially affected U.S. consumers by 2.5 million to 145.5 million.

In March, the U.S. Homeland Security Department alerted Equifax to an online gap in security but the company did nothing, said Smith.

“The vulnerability remained in an Equifax web application much longer than it should have,” Smith said in remarks prepared for delivery on Tuesday. “I am here today to apologize to the American people myself.”

Smith will face the House Energy and Commerce Committee on Tuesday but there will be three more such hearings this week.

Equifax keeps a trove of consumer data for banks and other creditors who want to know whether a customer is likely to default.

The cyber-hack has been a calamity for Equifax which has lost roughly a quarter of its stock market value and seen several top executives step down alongside Smith.

Smith’s replacement, Paulino do Rego Barros Jr., has also apologized for the hack and said the company will help customers freeze their credit records and monitor any misuse.

There has been a public outcry about the breech but no more than 3.0 percent of consumers have frozen their credit reports, according to research firm Gartner, Inc.

Smith said hackers tapped sensitive information between mid-May and late-July.

Security personnel noticed suspicious activity on July 29 and disabled web application a day later, ending the hacking, Smith said. He said he was alerted the following day, but was not aware of the scope of the stolen data.

On Aug. 2, the company alerted the FBI and retained a law firm and consulting firm to provide advice. Smith notified the board’s lead director on Aug. 22.

Patrick Rucker contributed from Washington; editing by Clive McKeef.

Our Standards:The Thomson Reuters Trust Principles.

Tech

What Facebook’s Aftenposten Censorship Teaches Us About Facebook’s Role As Worldwide Editor In Chief

Facebook today has the power to censor any viewpoint or message worldwide for any reason, including deleting an official statement by a foreign head of state: what does this mean for the future of freedom of expression online?

Cloud Computing


All articles

HPE’s cloud chief is leaving the company

The head of Hewlett-Packard Enterprise’s cloud team is leaving the company in a reorg that will also see the creation of a new cloud division.

Two other top executives are also departing: Manish Goel, the head of HPE’s storage business, and Robert Vrij, managing director of sales for the Americas.

The changes, announced in a blog post Monday, follow the news last month that Martin Fink, HPE’s CTO and the head of HP Labs, will retire at the end of the year.

To read this article in full or to leave a comment, please click here

InfoWorld Cloud Computing


All articles

Nvidia chief downplays challenge from Google’s AI chip

Nvidia has staked a big chunk of its future on supplying powerful graphics chips used for artificial intelligence, so it wasn’t a great day for the company when Google announced two weeks ago that it had built its own AI chip for use in its data centers.

Google’s Tensor Processing Unit, or TPU, was built specifically for deep learning, a branch of AI through which software trains itself to get better at deciphering the world around it, so it can recognize objects or understand spoken language, for example.

To read this article in full or to leave a comment, please click here

CIO Cloud Computing

All articles


All articles