Unraveling the Equifax Data Breach

Posted October 04, 2017

An external cybersecurity firm's forensic investigation into the Equifax breach has concluded, and the number of individuals affected by the hack attack has gone up.

Equifax then compounded its mistakes by making it hard, if not impossible, for consumers to freeze their data, thus preventing its illicit use - and charging the consumer for the privilege! The rules in force in the company require that this type of problem be corrected within 48 hours, but the internal systems not having the detected fault, and therefore it has not been corrected, he stated, without further explanation.

He emphasized that data held in what he called Equifax's core consumer and commercial reporting databases wasn't hacked.

According to Equifax, only about 8,000 Canadian customers were affected as a consequent of the high-profile breach of their cyber data. It was mentioned repeatedly by lawmakers at the hearing, which looked broadly at the breach, its effect on consumers and concerns about insider trading.

U.S. lawmakers have questioned the former head of credit-scoring company Equifax about a cyber attack which may have exposed personal information of more than 145 million people.

Smith said the backup plan put in place was technological - a software scan for vulnerabilities - and that failed, too.

On top of that, Smith failed to ask basic questions when he was notified of suspicious activity on July 31.

Rep. Tony Cardenas, D-Calif., said he wants Equifax to provide a trail of the communication regarding the incident and its timeline.

The deal was finalized last week, according to the federal government website that tracks contracts.

"The breach of your system has actually created more business opportunities for you", Warren, a Democrat known for her consumer advocacy, told former Equifax Chief Executive Officer Richard Smith during his second congressional grilling this week.

The agreement was first reported by Politico.

The notice describes the contract as a "sole source order", meaning Equifax is the only company deemed capable of providing the service. A number of lawsuits have been filed against the company for allegedly mishandling people's data. The deal provides the IRS with "a critical service that can not lapse", according to the agency's notification on the database.

Smith will face the House Energy and Commerce Committee on Tuesday but there will be three more such hearings this week.

Smith, who retired from the company last month shortly after admitting to the breach and the mis-handling of Equifax's response, took the heat. On Wednesday, Smith will testify twice - before the Senate Banking Committee and a Senate Judiciary subcommittee on privacy. The company is now under investigation by the Department of Justice, the FBI and the Federal Trade Commission.

The Equifax data breach has also spurred similar legislation in other states, including Massachusetts, Michigan and NY.