In prepared congressional testimony, Richard F Smith said the millions are not just numbers in a database, but friends, family, neighbors and members of his church. The revelation last month of the disastrous hack to Equifax's computer system rocked the company which faces several state and federal inquiries and a myriad of class-action lawsuits.
"To each and every person affected by this breach, I am deeply sorry that this occurred. Whether your personal identifying information was compromised, or you have had to deal with the uncertainty of determining whether or not your personal data may have been compromised, I sincerely apologize," Smith said. "The company failed to prevent sensitive information from falling into the hands of wrongdoers."
Lawmakers are expected to question Smith on how the company allowed the breach to occur, why it took as long as it did to notify consumers and what's it's doing to help consumers protect themselves going forward. The House subcommittee holding the hearing has jurisdiction over e- commerce and consumer protection issues.
The company disseminated that warning by email the next day and requested that applicable personnel install the upgrade. The company's policy requires the upgrade to occur within 48 hours, but Smith said that did not occur. The company's information security department also ran scans on March 15 that did not pick up the vulnerability.
"I understand that Equifax's investigation into these issues is ongoing," Smith said in the prepared remarks. "The company knows, however, that it was this unpatched vulnerability that allowed hackers to access personal identifying information.
Disclaimer: No Business Standard Journalist was involved in creation of this content