Equifax Breach Caused by Lone Employee’s Error, Former C.E.O. Says
Mr. Smith responded, “That requires a much broader discussion around the role of the credit reporting agencies.”
Mr. Smith got tangled up several times trying to explain the difference between credit freezes, which allow people to block access to their credit reports,
and locks, an industry-backed alternative that the bureaus say are easier for consumers to use.
The company previously said that an unpatched software flaw had been to blame for the massive security breach, but on Tuesday, Mr. Smith went a step further, describing the “human error and technology failures”
that turned a single oversight into a data breach that allowed attackers to obtain personal details on nearly half of America’s population.
WASHINGTON — The Equifax data breach, which exposed the sensitive personal information of nearly 146 million Americans, happened
because of a mistake by a single employee, the credit reporting company’s former chief executive told members of Congress on Tuesday.
If the bill had been law during the Equifax breach, it would have required
that affected individuals were notified of the breach in writing, and they would have been entitled to 10 years of free credit monitoring and credit freezes, according to a Democratic congressional aide.
The congressional hearing — the first of four this week at which Mr. Smith was scheduled to testify — presented lawmakers
with an opportunity to showcase their populist ire, albeit aimed at the former executive of a previously obscure company.