BREACH BUM BASHED
Hill hell for Equifax
For at least three hours on Tuesday, Democrats and Republicans in Washington had no trouble agreeing on an important issue.
Unfortunately for former Equifax CEO Richard Smith, both parties were of the same mind when it came to how badly they thought the former executive handled a flaw in the software running a part of its Web site.
The inability of Smith’s company to detect the flaws led to a cyberattack that drained the personal information of 145.5 million Americans from its system.
While Equifax’s ex-CEO faced a barrage of criticism on Capitol Hill on Tuesday, he provided few new details on how cyber-thieves were able to swipe the personal data of 145.5 million Americans.
“It’s like the guards at Fort Knox forgot to lock the doors and failed to notice the thieves were emptying the vaults,” Rep. Greg Walden (R-Ore.) said.
“I don’t know that we can pass a law that, pardon me for saying, can fix the stupid,” Walden said, ripping into Smith as part of the grilling of Equifax’s former leader.
Smith repeatedly apologized for the hack — and blamed a single employee and a technological error for the massive breach.
Members of the House committee learned that Smith, who — despite finding out on July 22 that his company was hacked — didn’t even ask his tech team whether the thieves had made off with people’s personal information.
It wouldn’t be until Aug. 15 that he first heard that data — including Social Security numbers, credit card numbers, addresses and driver’s license numbers — were in the trove of information that was siphoned off.
Later, Smith conceded that it was a “mistake” to include language in an offer for a free credit monitoring system that would bar customers from suing Equifax.
Such a bone-headed demand was “boilerplate” and was later removed, Smith said.
Separately, Equifax just signed a no-bid contract with the Internal Revenue Service to provide personal information on taxpayers.
The IRS signed the $7.25 million contract with the credit-monitoring company without taking other bids because the deal was considered “critical” and the agency couldn’t let it lapse, according to Politico, which first reported on the deal.
Under the contract, Equifax will provide the IRS taxpayer and personal identity verification services.
The deal came to light as Smith was being grilled in the House on the massive data breach.
Nonetheless, the hearing appeared to ease some concerns on Wall Street as Equifax’s shares rose 2.5 percent, to $110.45.