Equifax ex-CEO blames breach on one person and a bad scanner

From CNET: Equifax's former CEO is blaming many of the company's mistakes on a single person, and it's not himself.

Richard Smith, who was Equifax's CEO for 12 years before stepping down on Sept. 26, faced questions from the House Committee on Energy and Commerce on Tuesday, as Congress members slammed the former leader for the company's oversight.

"Equifax deserves to be shamed in this hearing," Rep. Jan Schakowsky, a Democrat from Illinois, said in her opening statement.

On Sept. 7, Equifax announced it suffered a massive breach affecting half of the US population, after cybercriminals stole Social Security numbers, names, birthdates and addresses from 145.5 million Americans. The company faced public scrutiny for the breach, as well as for failing to handle the fallout, thanks to glitches and multiple mistakes.

During the hearing, Smith gave an inside perspective on how Equifax lost all that data. He opened with an apology, taking responsibility for the breach and the botched response.

Equifax had learned about the Apache Struts vulnerability in March, but never patched it, ultimately leading to the massive breach. Smith said Equifax did everything it was supposed to, but still failed to protect its data.

"Both human deployment, and the scanning did not work. But the protocol was followed," Smith said.

In his testimony, Smith blamed a faulty scanner for not flagging the vulnerability on March 15, and a single Equifax staffer responsible for mishandling patches on March 9. He did not name who this person was. Equifax did not respond to a request for comment on whether this person still works at the company.
