Former Equifax Chief Answers Questions on Capitol Hill about Breach
1 replies, posted
[quote]Lawmakers hammered former Equifax chief executive Richard Smith Tuesday with extensive rounds of questioning during the first congressional hearing since the disclosure of the massive data breach.
Representatives from both parties questioned Smith for nearly three hours on his role at the credit reporting agency and indicated that tighter data security standards are long overdue. At one point Rep. Ben Ray Luján (D-N.M.) called the situation a “travesty.”
Rep. Greg Walden (R-Ore.), the chairman of the House Energy and Commerce Committee, described Equifax's response to the breach as “ham-fisted” and “unacceptable,” echoing several other lawmakers on the panel. In a dramatic exchange, Walden held up a thick stack of paper, which he said was a Equifax credit report, and asked Smith how such a sophisticated company responsible for so much data could allow the breach to occur. “How does this happen?” he said.
Smith confirmed at the hearing that intruders accessed the company's network by exploiting a known vulnerability that Equifax had failed to patch. But Smith said the employee responsible for assigning a correction to that vulnerability failed to do so, even though that person knew the patch was needed.
Smith also fielded questions concerning reports that his former colleagues sold an unusual amount of stock after the breach was discovered but before it was disclosed to the public. Smith said that at the time, Equifax knew only that suspicious activity had been detected and not that personal information had been stolen from the company. “To the best of my knowledge they did not know,” Smith said.
[B]
When asked several times about whether Equifax suspects a nation state was involved in the breach, Smith did not give a direct answer. “I have no opinion,” he said. Smith emphasized that the FBI is involved.[/B]
Later in the hearing, Rep. Joe Barton (R-Tex.) told Smith that Equifax appears to collect far more data than is needed to determine creditworthiness, and questioned why companies should not be obligated to pay consumers for failing to protect their information. “I think it's time at the federal level that we put some teeth into this,” he said, referring to data security legislation.[/quote]
[url=https://www.washingtonpost.com/news/the-switch/wp/2017/10/02/what-to-expect-from-equifaxs-back-to-back-hearings-on-capitol-hill-this-week/]Washington Post[/url]
Guy deserves serious prison time
Sorry, you need to Log In to post a reply to this thread.