
Equifax's then-CEO waited three weeks to inform board of massive data breach, testimony says

Equifax’s former chief executive waited nearly three weeks to tell the company’s board of directors about the now infamous data breach, as a group of company and outside security experts scrambled to figure out what had happened, according to written testimony prepared for his visit to Capitol Hill on Tuesday.

Richard Smith, Equifax’s former CEO who abruptly retired last week, learned about the hack on July 31 and hired outside legal and investigative experts and contacted federal law enforcement the same week. But he didn’t inform the company’s board for another 20 days.

In the meantime, King & Spalding, a law firm, and Mandiant, a cybersecurity forensic consulting firm, investigated what happened. Mandiant and Equifax worked “literally around the clock” to identify and understand unauthorized activity on its network and the scale of the hack, including whether personal information was taken.

The company also contacted the FBI on Aug. 2, he says, and the agency has an ongoing investigation.

Smith’s prepared remarks were released Monday in advance of his appearance before the House Energy and Commerce Committee on Tuesday. He’s also scheduled to testify before the Senate Banking and the Senate Judiciary committees on Wednesday and the House Financial Services Committee on Thursday.

But the former executive has also met with the House Oversight Committee. In a letter Monday, the committee’s ranking Democrat, Elijah Cummings from Maryland, urged Chairman Trey Gowdy of South Carolina to investigate Equifax’s handling of the incident, especially why it waited so long to tell the public.

“Equifax conceded that the FBI never instructed or directed the company to withhold from the public information about the breach,” the letter said. Rep. Cummings is also seeking all communication between Equifax and a government agency that warned companies in March about a glitch in software that needed to be fixed.

According to the testimony, on Aug. 15, Smith learned that consumer personal information had been taken in the hack, and he requested a detailed briefing. Two days later, Smith had a “senior leadership team meeting to receive the detailed briefing on the investigation.” The testimony doesn’t say who attended that meeting.

Smith says he notified the board’s lead independent director, Mark Feidler, and executives who run Equifax’s business units about the breach on Aug. 22.

The full board was told of the breach and the investigation of it on Aug. 24 and 25, according to the testimony. They began developing a plan to help affected consumers.

Smith convened a Sept. 1 board meeting to discuss the size of the breach, the ongoing investigation, and the company’s public disclosure and response.

The timeline in Tuesday’s testimony doesn’t specifically say who inside the company other than Smith and the security team knew about the breach before he says he told management and the board. But among the swirl of state and federal investigations that have opened since the breach was disclosed to the public on Sept. 7 are stock sales by three company insiders — the chief financial officer and two business heads — in early August.

Unusual trading activity in Equifax options on Aug. 21, now known to be one day before Smith says he told the lead director, also has drawn scrutiny.

An Equifax spokeswoman has said the three executives weren’t aware of the breach when they sold $1.8 million of stock on Aug. 1 and 2. The spokeswoman wasn’t immediately available on Monday.

Equifax has been widely criticized for its handling of the response. Concerned people initially encountered a flawed website, jammed customer service phone lines and confusing information about what remedies were available. It was “overwhelming,” Smith says in the testimony, “and, regrettably, mistakes were made.”

Brian Krebs, who writes about cybersecurity, says Equifax’s response, given its one month to prepare for a public onslaught, makes the incident even worse. “It boggles my mind how they have mishandled this,” he said.

It has been known that Equifax didn’t fix a flaw in its software that was known to the public for months. That flaw was announced in March, when the U.S. Department of Homeland Security told Equifax and many other companies that use the software about it, but Equifax didn’t utilize the fix offered by the software developer right away.

“It was this unpatched vulnerability that allowed hackers to access personal identifying information,” Smith says in the written remarks.

Source: Tech CNBC