Equifax CEO testifies to US Congress about massive data breach

Global Business

Richard F. Smith, former chairman and CEO of Equifax, testifies during a hearing before the Digital Commerce and Consumer Protection Subcommittee of the House Commerce Committee on Capitol Hill, Tuesday, Oct. 3, 2017, in Washington. (AP Photo/Carolyn Kaster)

The former Chief Executive of the company responsible for one of the biggest data hacks in U.S. history has been heavily criticized by lawmakers.

Richard Smith, who ran credit scoring company Equifax, appeared before Congress to explain how such sensitive information was breached.

The scandal has led to calls for an overhaul in the way companies use consumer data.

CGTN’s Owen Fairclough reports.

This was the day Mr. Smith went to Washington – facing the music for a massive data hack on his watch as the head of credit scoring company Equifax.

“It’s like the guards at Fort Knox locked the doors as the thieves were inside emptying the vault,” U.S. Congressman Greg Walden said. “And on top of all the security issues, multiple times Equifax Tweeted the wrong URL directing consumers to the wrong website to check to check if they were part of the breach. Talk about a ham handed response! This is unacceptable.”

The breach of information that included social security and driver license numbers – critical for building a vital credit profile in the U.S. – affected more than 145 million people. That’s nearly half the population.

Government security officials warned Equifax back in March it needed to fix a vulnerability in its software. But this wasn’t done and hackers were able to siphon personal data out of the company for about three months before the alarm was raised. The company still doesn’t know who’s responsible.

Lawmakers are concerned that although Equifax is offering consumers free services such as locking their credit reports to third parties, they’re still vulnerable. The former CEO was contrite in a heated exchange with some lawmakers.

The Equifax breach follows hacks of consumer data at companies such as Sony and Target.

But it’s the compromising of social security numbers – used in the U.S. as a single link between consumers and a mass of financial and personal information – that’s raising particular concern among campaigners for greater data privacy.

“These universal identity numbers are where the problem begins so I would prohibit the use of the social security number and its use in the building of profiles on consumers,” Marc Rotenberg, Executive Director for the Electronic Privacy Information said. “I think you need discrete record systems and I think that is the better approach to protecting privacy and reducing the risk of identity theft.”

While Smith has left his company in disgrace, the data scandal may have achieved a rare feat in the current U.S. political climate – bringing some Republicans and Democrats together to call for legislation aimed at better protecting consumers who fall victim to data breaches.

Shawn Tuma talks about the Equifax hack

CGTN’s Susan Roberts spoke to Shawn Tuma, cybersecurity & data privacy partner and an attorney with Scheef & Stone, LLP in Dallas about the Equifax hack, the nature of cyberattacks and how to protect against future data breaches.