Technology

Equifax breach affected 8000 Canadians, cybersecurity report concludes

Equifax breach affected 8000 Canadians, cybersecurity report concludes”

Newly identified victims won't be able to find out that they were affected by the breach for up to five more days. The company emailed out that warning the following day and requested that applicable personnel install the upgrade.

"Consistent with Equifax's patching policy, the Equifax security department required that patching occur within a 48-hour time period", Smith wrote.

But in this case, it wasn't.

Richard Smith, the former CEO of Equifax, is set to formally testify before the U.S. House Committee on Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection, on Oct.3 to answer questions about the breach. Specifically, the company was in the middle of a dispute with its security firm Mandiant Inc. which was hired March 1 to investigate potential data breaches at the company. The investigations were the result of action by multiple senators and legislative committees highlighting the severity of the breach and the deficiencies of Equifax's response, as well as threats by several states to bring suit against Equifax. He said that hearings before four House and Senate panels this week should run their course before lawmakers make a decision about what to do next.

On Monday, Equifax increased the number of affected consumers to more than 145 million.

Smith also takes responsibility and apologizes for the incident.

Equifax lawyer Theodore Hester said in a letter dated Thursday to members of Congress announcing the review that the company "takes these matters seriously" and has retained lawyers. Almost one out of every two people in the United States is potentially impacted by this Equifax disaster - we're now at a solid 45%.

Smith abruptly retired last week, taking no severance or bonus for this year, but he remains eligible for $18.4 million in pension benefits.

"The people affected by this are not numbers in a database", Smith said.

"It is time to have identity verification procedures that match the technological age in which we live", he said. Smith said he found out about suspicious activity in a July 31 message from the company's security group.

A week after the breach, two top-level officials at the company stepped down. Equifax is continuing discussions with regulators in the United Kingdom regarding the scope of the company's consumer notifications as the analysis of the completed forensic investigation is completed.

The testimony from Equifax's former chief executive and chairman also offered a chronology of the incident. Equifax has said the executives were not aware of the breach when they sold stock.

The UK investigation has also been completed, but no details were released as the information is still being analysed.

Mandiant revealed, the massive data breach in Equifax has affected more 2.5 million U.S. users than original estimation.

The company is offering free credit monitoring and credit freezing for people who are concerned about their data falling into the wrong hands.

Smith said the full extent of what occurred emerged during a meeting he had with cybersecurity experts and outside counsel on August 17.



Like this

Latest




Recommended