Scandal-plagued Equifax wins $7.25 million contract from IRS

Just when you thought you'd heard the worst, Equifax announced that another 2.5 million consumers had their personal information stolen from its database, bringing the total to 145.5 million folks left vulnerable to identity theft.

That was the data pool hacked over the summer through an unpatched Apache Struts vulnerability, resulting in the theft of data on over 145 million people, mainly Americans, but also 8,000 Canadians and 100,000 in the United Kingdom.

Equifax and an independent cybersecurity forensic consulting firm, Mandiant, worked "literally around the clock" to figure out what happened, Smith said.

But, Latta argues companies like Equifax must protect private details, like social security numbers.

In addition to the hearings, the hack has prompted state attorneys general and several federal agencies to examine the data breach and the company's response.

While Smith told members of Congress that the executives did not know about the breach at the time of the sale, lawmakers remain deeply skeptical. "I don't think we can pass a law that - excuse me for saying this - but fixes stupid", Rep. Greg Walden, R-OR, said. "When they go to get inside of the lock product, that is a service to them, and that is the only service they will get", Smith said, while not confirming or denying that consumer data may be shared or sold.

Smith said security personnel noticed suspicious activity on July 29 and disabled the web application on July 30, ending the hacking.

Equifax disclosed the breach of the date of up to 143 million Americans on 7 September.

The way Barton sees it, if his bill were to become law, anyone whose information was compromised in a data breach would be eligible for "automatic compensation". In her initial letter to Equifax, Warren criticized the agency's lack of transparency about the hack, its slow response, and its insufficient-even predatory-efforts to protect affected customers in the aftermath. "Companies like Equifax need more accountability, not less", said Schakowsky, an Illinois Democrat.

The Equifax hacking sparked widespread outrage, as well as bipartisan demands for more information from the company on how the security debacle happened and what steps the company is taking to handle the fallout.

The entire system was excoriated by the representatives, from the confusing web addresses to Equifax staff tweeting out the wrong address to crashing websites and long phone hold times.

"We went from 500 call center agents to a need of nearly 3,000", Smith said.

Smith noted that on March 8, U.S. CERT and the Department of Homeland Security issued an alert about the Struts vulnerability, advising Equifax and others to patch quickly.

I'd like to offer some advice to Equifax: Please stop telling us stuff is safe now.

ABOUT EQUIFAXEquifax is a global information solutions company that uses trusted unique data, innovative analytics, technology and industry expertise to power organizations and individuals around the world by transforming knowledge into insights that help make more informed business and personal decisions.

The company says its chief information officer and chief security officer are retiring.

  • Salvatore Jensen