Today former Equifax CEO Richard Smith, who announced his retirement last week, is testifying before the House Energy and Commerce Committee. Lawmakers are grilling him about what exactly happened that led to the huge data breach that impacted 145.5 million people. In his opening statement, Smith said much of what we have already heard. He apologized for what happened and blamed a mixture of human and technological error.
In questioning Smith, Representative Greg Walden (R-Ore.) tried to learn more about the human error side of things: Why was it that the security team was not informed about the issue even though it was discovered some time before?
After some back and forth, Smith ultimately blamed an anonymous employee. “The human error was [that] the individual who was responsible for communicating in the organization to apply the patch did not,” said Smith. In short, someone saw the vulnerability but didn’t tell the security team to patch it.
Walden tried to get Smith to further explain Equifax’s protocol for reporting incidents, but Smith offered little additional information. Once Equifax became aware of the vulnerability, said Smith, “we followed the protocol.”