Credit report company Equifax said on Monday that 2.5 million more Americans may have been affected by the massive security breach of its systems, bringing the total to 145.5 million people.
The testimony from Equifax’s former chief executive and chairman also offered a chronology of the incident.
Kelley joined Equifax in 2013 from the law firm King Spalding, where he had worked for 27 years.
Over the following weeks, Smith said Equifax and its advisers analyzed data to determine the scope of the breach. “We didn’t live up to expectations”.
Democrat of New Jersey, called for Congress to pass legislation that would do more to protect consumers whose personal data is stolen in such breaches. But, as outlined in Smith’s testimony, the company’s security department did not respond accordingly.
Additionally, while Equifax had originally projected that almost 100,000 Canadians could have been affected by the breach, that turned out not to be the case.
The US Homeland Security Department alerted Equifax on March 9, and on March 15, the company ran tests for vulnerabilities but came out empty. Unfortunately, however, the scans did not identify the Apache Struts vulnerability.
“Equifax’s efforts undertaken in March 2017 did not identify any versions of Apache Struts that were subject to this vulnerability, and the vulnerability remained in an Equifax web application much longer than it should have”, the former CEO admitted. I understand that Equifax’s investigation into these issues is ongoing. Adding that the “company was not aware of the access at the time”. According toThe New York Times, he plans to tell the first group of interrogators that “Equifax was entrusted with Americans’ private data, and we let them down”. At one point, Equifax’s social media team directed affected consumers to a site created to spoof Equifax by pointing out how easy it would be to set up a phishing site targeting Equifax customers.
Two months passed before Equifax security workers noticed suspicious activity on the firm’s computers.
The next day, Equifax took the web portal offline. “I take full responsibility”, he said in opening remarks.
Equifax cut off the attackers at that point and began an investigation, but it did not grasp the scale of the theft – including the discovery that consumers’ personal information had been breached – until mid-August. Equifax and their security staff apparently learned on July 29 of what had happened.
Smith said call centers were understaffed for the heavy volume of calls from consumers, and two of its call centers were forced to close when Hurricane Irma hit.
Latta says laws are already on the books that are created to ensure consumer data is secured safely.
If your personal information was compromised in the Equifax data breach, Consumer Reports says there are several things you can be doing, right now. The Mandiant investigation revealed that the number is significantly less, with only approximately 8,000 Canadians at risk.