Mr. Smith goes to Washington


Snapshots from the Equifax hearing:

Breach happened because someone didn’t get the memo

Equifax CEO Richard Smith told lawmakers at a Tuesday hearing that the company’s massive investments in data security didn’t work because one individual failed to tell the right people to patch faulty software.

On March 8, Equifax got a notice from the U.S. Department of Homeland Security that software it used, called Apache Struts, had a “vulnerability” to hackers.

The next day, Smith told lawmakers in opening remarks, Equifax followed its standard policy for dealing with security threats, telling “a large number of people” on the company’s 225-member security team to check for the flawed software. But an individual that he didn’t name failed to communicate that the company was using the flawed software in one application and that a software patch was needed.

“The protocol was followed,” said Smith. “It did not work.”

Rep. Greg Walden, R-Oregon, was incredulous.

How could a “sophisticated company ... with so much at stake” drop the ball? he asked. “Do you not have a double check?”

“The double check was to have the scanning device,” Smith answered, referring to technology that Equifax used a week later to check for vulnerable versions of the Apache Struts software. But it failed to catch the unpatched software, he said.   

Equifax criticized for “lax attitude”

Rep. Frank Pallone, D-N.J., called Equifax’s failure to prevent a data breach a sign of a “lax attitude” toward protecting consumer’s personal data.

Equifax’s “entire corporate culture needs to change,” he said, to focus on security. “After all, this is not Equifax’s first data breach.”

Legislation needed to protect consumers

Rep. Jan Schkowsky, D-Ill., said re-introduced her “Secure and Protect Americans’ Data Act” to require tougher security standards and quicker notification of breaches.

“Because consumers don’t have a choice, we can’t trust credit reporting agencies to self-regulate,” she said at the hearing.

She said Equifax had suffered three major data breaches in the past two years, and taken months to detect the latest hacking incident and months more to inform consumers.

“Equifax deserves to be shamed at this hearing,” she said, but Congress needs to come up with legislation that will require quick notification and “appropriate relief” for consumers. 

  

Original story:

Former Equifax CEO Richard Smith is expected to tell lawmakers Tuesday that a string of human and technology lapses at the Atlanta credit-tracking firm allowed hackers to steal key personal data, including Social Security numbers, on nearly 146 million Americans.

Smith, who stepped down last week, is set to testify before the House Energy and Commerce Committee at 10 a.m. Tuesday.

“We at Equifax clearly understood that the collection of American consumer information and data carried with it enormous responsibility to protect that data,” Smith said in prepared testimony released Monday. “We did not live up to that responsibility.”

But Smith is likely to face numerous questions from lawmakers on how the company failed to install a needed software patch after being warned of a weakness months earlier by the U.S. Department of Homeland Security.

Other sore points lawmakers are likely to probe include the company’s slow disclosure of the data leak to consumers, failure to prepare for heavy call and online volumes from panicked consumers, and company stock sales by three top executives before the data breach was disclosed.

The company has said the executives didn’t know about the data leak at the time of their sales.



Reader Comments ...


Next Up in Business

UPS mechanics union takes out ads to turn up heat in contract talks
UPS mechanics union takes out ads to turn up heat in contract talks

The Teamsters union representing UPS aircraft mechanics is taking out ads amid heated labor contract talks with management. The national advertising campaign running in the Seattle Times and editions of USA Today in Atlanta, New York, Los Angeles, Chicago and other areas, as well as on Facebook and Instagram, says: “What every American should...
Atlanta’s Equifax faces bumpy road, but expected to survive
Atlanta’s Equifax faces bumpy road, but expected to survive

Equifax is nearing the end of an embarrassing, awful year. Since announcing in September that hackers had accessed its data on more than 145 million consumers, the Atlanta-based company has been dealing with sustained backlash. And there’s more to come as the credit reporting agency steers through a slew of obstacles, from the costs of placating...
CBS, PBS fire Charlie Rose following allegations of unwanted sexual advances
CBS, PBS fire Charlie Rose following allegations of unwanted sexual advances

CBS said Tuesday that it has fired Charlie Rose "effective immediately," following an extensive Washington Post report that detailed alleged unwanted sexual advances toward women by the 75-year-old broadcaster. His firing was announced by CBS News president David Rhodes, who wrote in a midday memo to the network's staff that the action "...
Kempner: Confessions on the laziest, most-popular Christmas gift idea
Kempner: Confessions on the laziest, most-popular Christmas gift idea

Year after year, we return to the holiday season and ponder what special gifts would bring joy to friends and loved ones. And, once again, most Americans somehow arrive at the same answer: a plastic card. Or, increasingly, a digital equivalent of one. Gift cards are pretty much the easiest, fastest gift to give on the face of the Earth. (I know: unless...
City sells Civic Center to Atlanta Housing Authority for redevelopment
City sells Civic Center to Atlanta Housing Authority for redevelopment

The Atlanta Housing Authority has closed on its purchase of the Civic Center property, a key step in a planned $300 million-plus redevelopment of the aging performing arts center into a mixed-use, mixed-income development. Mayor Kasim Reed and Catherine Buell, the CEO of AHA, said 30 percent of future housing units will be designated as affordable...
More Stories