How Equifax’s 225 Cybersecurity Professionals Missed the Hack

“I don’t think we can pass a law that can fix stupid.”

October 3, 2017 2:57 pm
Equifax Inc., offices in Atlanta
FILE - This July 21, 2012, file photo shows Equifax Inc., offices in Atlanta. On Monday, Sept. 11, 2017, Equifax said it has made changes to address customer complaints since it disclosed a week earlier that it exposed vital data on about 143 million Americans. Equifax has come under fire from members of Congress, state attorneys general, and people who are getting conflicting answers about whether their information was stolen. Equifax is trying again to clarify language about people’s right to sue, and said Monday it has made changes to address customer complaints. (AP Photo/Mike Stewart, File)

What should have been a routine software fix was instead missed by the entirety of Equifax’s 225-person computer security division, USA TODAY reports, allowing hackers to gain access to the private information of 145.5 million U.S. residents. Their credit could be destroyed for years to come, the publication notes.

The circumstances that led to the breach came to light in the first of four Congressional hearings, in which former Equifax CEO Richard Smith was questioned by the House Energy and Commerce Committee over how the company handled the breach. Rep. Bob Latta, a Republican from Ohio, reportedly called the hack not only “unprecedented,” but “also unique because of the sensitivity of the information stolen.”

“The public deserves to know what happened,” Latta said.

Rep. Greg Walden, a Democrat from Oregon, was more direct.

“How does this happen when so much is at stake? I don’t think we can pass a law that can fix stupid.”

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.