WASHINGTON, DC - A day after testifying before the House subcommittees, former Equifax CEO Richard Smith received another grilling on Capitol Hill, this time from Minnesota Senators Amy Klobuchar and Al Franken.
Smith was questioned Wednesday by a Senate Banking committee and a Senate Judiciary subcommittee about the recent data breach affecting 145 million Americans.
"Questioned fmr CEO of Equifax today on their major data breach. Must get to the bottom of this and stop it from happening again." — Amy Klobuchar (@amyklobuchar) October 4, 2017
“Mr. Smith, I know you’re about to tell us how sorry you are, and I’m sure you’ve had a lot of sleepless nights in recent months. But as a business that has consistently operated with little to no regard for the well-being of American consumers, I’m wondering whether you—and the rest of Equifax’s leadership—foresaw the gravity of a breach and failed to take the proper precautions because you simply don’t care,” said Franken.
“And because you don’t have to care. Equifax won’t be losing any business as a result of its failures. American consumers are not able to walk away and take their business—or their personal information—elsewhere. And that’s because those consumers aren’t actually your customers; they are your product. And you’ve been treating them as such for years,” he added.
Smith admitted that the company had sent a warning to security staffers in March about a known flaw in software it used. Smith said the person on the Equifax computer security team who was responsible for patching the vulnerability did not do so.
A week later, the company's information security department ran scans that should have found any systems still running the vulnerable software.
Those scans didn't catch it either. Had they caught it, the outcome may have been different. The hackers who broke into Equifax appear to have first accessed sensitive information two days before those scans took place.
Instead of being discovered, the hackers were able to plunder the information of 45% of all Americans until they were finally found 11 weeks later.
"What do you think other companies can learn ... from both on prevention and your response?" Klobuchar asked.
"The rate of change and sophistication of cyber attacks is unbelievable. It was not unusual for us to identify and block millions of attempted suspicious attacks every year. So, challenge yourself creatively and never take security for granted. (On response) I'm not sure what more we could've done," Smith added.