Equifax's CEO Knew A Breach Took Place Over A Month Before The Public

Richard Smith, who is now retired, outlined how the company handled the breach in congressional testimony.
Posted at 12:36 PM, Oct 03, 2017

The then-CEO of Equifax, the company that was hit with a cyberattack that compromised over 145 million Americans' personal data, says he knew a breach took place over a month before it was announced to the public.

Richard Smith said in written testimony he heard a data breach took place on July 31 — over five weeks before the company publicly announced the breach on Sept. 7.

And although Equifax reached out to a law firm and cybersecurity firm a couple days after Smith heard about the breach, he didn't let board members know for three weeks.

By that point, Smith had already learned "large volumes of consumer data" were leaked, according to his testimony.

Equifax originally announced about 143 million Americans had their personal information compromised. A cybersecurity firm retained by the company reported Monday that number might actually be closer to 145.5 million — 2.5 million more than initially reported.

Equifax did reach out to the FBI shortly after learning of the breach, and its investigation is ongoing. Equifax is also under a congressional investigation spearheaded by Sen. Elizabeth Warren.

This all comes from Smith's written testimony ahead of his appearance in front of the U.S. House Committee on Energy and Commerce on Tuesday. It's part of a round of hearings Congress is conducting on Capitol Hill this week in the wake of the breach.

Smith was CEO of the credit-monitoring service for 12 years before abruptly retiring a few weeks after the hack went public. He said in the testimony he was "deeply sorry" for the breach.