Equifax failed to patch security vulnerability in March: former CEO


New findings show that an additional 2.5 million U.S. consumers have likely had their personal information exposed, bringing the total number up to 145.5 million people affected by the breach.

Consumer Financial Protection Bureau officials have said the agency should embed more regulators at the three largest US credit-rating firms to monitor cybersecurity - a plan endorsed Tuesday by Representative Jan Schakowsky. "I am here today to apologize to the American people myself."

The company now faces investigations in both the USA and Canada. And, he asked, why was it that a software scanner never detected that the vulnerability went unfixed?

Hackers have unauthorized access to Equifax Inc.'s files. However, Smith said, the system failed to identify any vulnerabilities.

Equifax's security team observes suspicious network traffic on a U.S. online dispute portal web application. The company's cyber security team caught the unauthorized access on July 29.

"It would be a paradigm shift for the consumer", Smith said. He said that recognition only occurred after forensic experts conducted their review in the following weeks.

Equifax disclosed the breach of the data of up to 143 million Americans on 7 September.

Equifax stands to make money off consumers through at least two major ways.

Since the breach, Equifax has been offering a credit lock to those affected, which would prevent the sales of information to other companies, though the information that was taken was kept in a portal that was not encrypted.

Equifax is facing investigations in Canada and the USA, as well as at least two proposed class actions filed in Canada. A week later, Warren launched an investigation into the breach, sending letters to the three largest credit reporting agencies with detailed questions about their plans to shore up protections in order to avoid future problems. Criminals stole the data between May and July, Equifax said. Sumner, the firm's chief privacy officer, leads its data security and privacy practice. Both are replaced with internal employees on an interim basis effective immediately.

Equifax said hackers exploited a months-old, unpatched Apache Struts flaw to carry out the breach, dubbed one of the largest and worst-ever breaches in United States history due to the sensitive nature and value of the data compromised.

But voluntary or mandatory monetary compensation is likely out of the question for Equifax, since it originally wouldn't help people unless they legally waived their right to a lawsuit - a stipulation found deep in the website in its general terms and conditions contract.

The Equifax hacking sparked widespread outrage, as well as bipartisan demands for more information from the company on how the security debacle happened and what steps the company is taking to handle the fallout.