Sorry for the Hack, Bad Customer Service

Equifax says in a Tuesday news release that investigators have identified 2.5 million more US consumers' personal details were exposed than they initially found.

This brings the total number up to 145.5 million - or half the population of the USA.

Summary: The top lawyer at Equifax is being investigated for his role in the share sales by some of the company's top executives.

Smith said that provision was "never meant to apply in the first place" and was the result of copying and pasting the terms of services from another Equifax product and included in the offering to breach victims.

The company later says the hackers gained access through the vulnerability in Apache Struts, which supports Equifax's online dispute portal web application. Equifax said the company it hired to do an examination of the breach, Mandiant, has concluded its investigation and plans to release the results "promptly".

Paulino do Rego Barros Jr., who was named the company's new CEO on Tuesday, announced that move Thursday, along with other efforts to improve its problem-plagued response to a massive data theft affecting 143 million Americans. The House subcommittee holding the hearing has jurisdiction over e-commerce and consumer protection issues.

Smith said both technology and human error opened the company's system to the cyber hack, which has been a calamity for Equifax, costing it about a quarter of its stock market value and leading several top executives to depart. "I am here today to apologize to the American people myself", he said in his testimony.

He continued, explaining that regime changes are underway at the Atlanta credit reporting firm: "We also continue to work closely with our internal team and outside advisers to implement and accelerate long-term security improvements".

"To each and every person affected by this breach, I am deeply sorry this occurred", said Smith, who will make his first of four appearances on Capitol Hill this week on the breach. Mandiant and Equifax worked "literally around the clock" to identify and understand unauthorized activity on its network and the scale of the hack, including whether personal information was taken.

Security experts have warned that other organizations may be vulnerable to similar breaches because of the technical challenges involved in patching a flaw in applications software. Webb will be replaced by Mark Rohrwasser, who joined the company a year ago, Equifax said in an emailed statement.

"It is time to have identity verification procedures that match the technological age in which we live", the prepared remarks say.

The company also risks revenue loss resulting from reduced business, especially considering customers' loss of confidence in the company to secure data.

The Equifax hacking sparked widespread outrage, as well as bipartisan demands for more information from the company on how the security debacle happened and what steps the company is taking to handle the fallout.

  • Zachary Reyes