IRS awards Equifax US$7.25m no-bid contract after hack

Richard Smith testified to congress on Tuesday in the US

USA lawmakers have questioned the former head of credit-scoring company Equifax about a cyber attack which may have exposed personal information of more than 145 million people.

Earlier this week, Equifax admitted that an additional 2.5 million Americans may have been affected by the massive data breach it disclosed last month, bringing the total up from 143 million to 145.5 million.

Equifax initially said it had discovered the breach in July but it later turned out that the discovery had actually taken place in March.

It came as former chief executive Richard Smith - who stepped down in the weeks after the breach was disclosed - prepared to face a USA congressional hearing.

In costume with top hat, bushy mustache and monocle, the protester could be seen over the shoulder of former Equifax CEO Richard Smith as he testified before the Senate Banking Committee on the company's recent security breach.

That activity was eventually identified on 31 July, but the scale of the breach and whether any information had been stolen was not immediately clear at that time, he said. "We also continue to work closely with our internal team and outside advisors to implement and accelerate long-term security improvements".

Equifax has been criticized for waiting almost six weeks to notify the public after learning of the hack on July 29, and then initially made consumers give up their right to sue if they wanted free credit monitoring and identity theft protection.

"It only applies to Equifax".

Now, Senator Elizabeth Warren (D-Mass.) is making Equifax efx and its former CEO rue those words.

Equifax and an independent cybersecurity forensic consulting firm, Mandiant, worked "literally around the clock" to figure out what happened, Smith said.

The breach was publicly announced on September 7. Smith said there was no indication that the data, while hacked, wasn't removed from their system.

The review "also has concluded that there is no evidence the attackers accessed databases located outside of the United States", the Equifax statement said.

Smith said he would expect Equifax to "cooperate" with "particular legislation that arises out of this horrific breach".

Related News: