Skip to main content

Equifax knew about cyber vulnerabilities before attack, ex-CEO claims

The total number of people affected by the recent Equifax breach has risen after more details came to light.

According to new reports, the number of affected customers has now hit 148 million - meaning that an additional 2.5 million people have been impacted.

However the number of customers hit in some markets may be less than previously thought - as the report claims that only 8,000 Canadians were affected, not the 100,000 originally reported.

During a testimony in front of the Congress, former Equifax CEO Richard Smith said both humans and technology is to blame for the breach. Apparently, Equifax knew about the vulnerabilities in its systems since March this year, but failed to address the issues on time.

“It appears that the breach occurred because of both human error and technology failures,” former CEO Richard Smith said in written testimony released on Monday by the Energy and Commerce Committee.

The US Homeland Security Department alerted Equifax on March 9, and on March 15, the company ran tests for vulnerabilities but came out empty. As a result, “the vulnerability remained in an Equifax web application much longer than it should have,” Smith said. “It was this unpatched vulnerability that allowed hackers to access personal identifying information.”

Hackers seem to have made their entry between mid-May and end of July.

He said “between May 13 and July 30, there is evidence to suggest that the attacker(s) continued to access sensitive information.”

The Equifax breach might have been state-sponsored, but it is still too early to say who might be behind it.