Hours before his three-day hearing at the Senate and the House of Representatives, the former Equifax CEO Richard Smith sent prepared testimony to the media in an attempt to explain what had led to the data breach in September, according to PBS.
At the very beginning of his letter, the now-retired Smith stated the breach occurred due to a mixture of human error and technical failure. However, it was not made clear who the person in charge was or what his or her status within the company was.
Smith explained that according to the ongoing investigation, it all started with an e-mail from the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (“U.S. CERT”) in early March. It said the company had to patch a vulnerability in certain versions of Apache Struts, software used in a portal where customers could object to certain marks on credit reports.
After an internal investigation, it was found that the patch was not made within 48 hours of the email per company policy. On top of this, the company has on record security scans coming up clean by mid-March, failing to detect the Apache vulnerability. The statement went into further detail on what happened afterwards.
By the end of July, the IT security department noticed suspicious network traffic coming from the consumer dispute portal. They attempted to block the traffic only to notice it occurring again the next day. Afterwards, the portal was taken offline, ending the hack.
According to the internal investigation, the wrongdoers managed to find paperwork and a significant database containing personal information for clients, including their social security numbers, driving licenses, and more. After a series of meetings, Smith agreed to allocate external ICT services to help the in-house personnel with identifying the size of the breach.
By the beginning of September, it was clear that the personal information of 143 million customers was compromised. Additionally, the hackers gained access to about 209,000 credit card numbers.
In response, the company immediately launched a free remedy package for all Americans who were potentially affected; the package provided numerous services. It helped consumers consider options such as freezing and monitoring credit files across Equifax, Experian, and TransUnion. It provided an insurance package to cover potential costs for identity theft issues. It provided for a dark web scan for the social security numbers. In addition to that, the company also released a security tool it had been working on for months, helping consumers freeze and unfreeze their credit files.
The Equifax data breach will still go down in U.S. history as one of the most significant data breaches ever. It affected not only Americans, but nearly 400,000 in the United Kingdom and 100,000 Canadians.
Author: Dave Rathmanner