Many questions after Equifax revises it's potential victims to 145.5 million

Many questions after Equifax revises it's potential victims to 145.5 million

Smith testified before the U.S. House Committee on Energy and Commerce.

One Texas congressman suggested to Smith that companies would be more sensitive to cyber threats if they had to pay a fine for every person whose data is exposed.

The breach, which happened in May, was discovered in July, but only disclosed last month, gave hackers access to social security numbers, birth dates, addresses, driver's license numbers and credit-card information.

One of the problems is that not all of Equifax's large team may have been professionals, including the leaders.

In regards to the three company executives that sold almost $2 million worth of stock on Aug.1 and August 2, just days after the company discovered there had been some sort of "suspicious activity", Smith said, to the best of his knowledge, these executives were unaware of the cyber intrusion. Equifax is now offering free credit monitoring and credit freezes.

Former chief executive Richard Smith is slated to testify in front of four congressional committees this week, and frustrated lawmakers are expected to grill him on the company's cybersecurity practices, its immediate response to the hack and reports of insider trading.

The $7.25 million no-bid contract to Equifax was posted the last day of the fiscal year, Saturday, on the government's Federal Business Opportunities database.

On a website for affected USA consumers, Equifax explains that the complex and time-consuming investigation is behind the delay between its discovery of the breach and disclosing it. Equifax since sent out a statement retracting that language and saying consumers could sue, which they have started to do.

Only then, Smith said, did he notify the company board of directors. The data of customers in Canada and the United Kingdom have also been stolen.

That includes Social Security numbers, birthdates, credit history and much more.

- Separately, the administration of President Donald Trump is considering replacing the use of Social Security numbers as personal identifiers in the wake of the Equifax hack, White House cyber-security coordinator Rob Joyce said at a conference on October 3, Bloomberg reported. They have made themselves indispensable to the smooth functioning of the US economy by collecting reams of essential information about consumers - without their consent - and selling it to banks, auto dealers, mortgage lenders and other companies that deal with the public in some way.

Sen. Heidi Heitkamp, D-N.D., said Equifax forced the IRS to take the contract for another year after issuing a protest.

The former CEO said the second cause of the attack was a failure of automated scanning conducted a week after the patch should have been applied.

Smith also said the breach was the fault of a single individual whom he did not name, who failed to install a patch for a vulnerability in software used by the company.