Equifax will make changes following a massive data breach in July that could have impacted about 143 million U.S. consumers, the company's CEO said Tuesday.
“We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again. We will make changes and continue to strengthen our defenses against cybercrimes. We will make sure every consumer who wants protection has a full package of services,” Smith wrote in an opinion piece in USA Today.
The company said the unauthorized entry occurred mid-May through July 2017, as criminals “exploited U.S. website application vulnerability” to access files ranging from social security numbers, birth dates, addresses and driver’s license numbers.
Hackers also accessed the credit card numbers of about 209,000 consumers in the U.S. and other documents with personal information for about 182,000 people in the U.S. Equifax said it discovered the breach on July 29, 2017, but it did not publically disclose the information until Sept. 7, 2017.
“Understandably, many people are questioning why it took six weeks to report the incident to the public,” Smith wrote, adding that, “At the time, we thought the intrusion was limited.”
The company also said it found that hackers gained unauthorized access to limited personal information for certain residents in the United Kingdom and Canada. Equifax said its investigation has not found any evidence of illegal activity on its “core consumer or commercial credit reporting databases.”
“It will take us a long time to assess the impact of the Equifax data breach on 143 million Americans. Businesses, consumers, and government watchdogs will have to be even more vigilant about identifying fraud, possibly making it harder for Americans to get access to credit,” Sen. Sherrod Brown, D-Ohio, said in his opening statement at a Banking Committee hearing on Fintech on Tuesday.
As a result of the breach, the company has set up a website for consumers that will help them identify if their information was affected. It will also send notices directly in the mail to consumers that have had credit card numbers or dispute documents with personal identifying information compromised, according to Equifax.
Due to the size of the hack, lawmakers have begun to weigh in on the issue.
Rep. Steve Chabot, R-Ohio, chairman of the House Small Business Committee, sent a letter to the acting chairman of the Federal Trade Commission (FTC) on Monday, requesting the agency “provide a strategy for mitigating potential impacts on small businesses effected by the Equifax data breach.”
In the letter, Chabot also asked the FTC to answer questions regarding the hacking incident’s impact on the small business community in the U.S., setting a deadline of no later than Sept. 25.