"At the time, we thought the intrusion was limited."
Equifax efx CEO Richard Smith has apologized for the massive cybersecurity breach at the company, which he described as “the most humbling moment in our 118-year history” and resolved to “make changes” to ensure nothing similar happens again.
Smith’s comments came in an op ed published in USA Today Tuesday in which he addressed Equifax’s response to the July hack, which may have exposed personal data on up to 143 million people.
“Understandably, many people are questioning why it took six weeks to report the incident to the public,” Smith wrote, adding that shortly after Equifax discovered what the company then thought was a limited intrusion, it engaged a cybersecurity firm to conduct an investigation. “At the time, we thought the intrusion was limited. The team, working with Equifax Security personnel, devoted thousands of hours during the following weeks to investigate.”
On Monday, the U.S. Senate Committee on Finance told Smith it wanted information on the specifics of the data that was hacked beyond social security and birthdates, and what safeguards Equifax had been using to secure its customer data.
Critics have widely slammed the company’s response to the hack, which included a broken online tool that requested sensitive information from customers to check if their data was affected. Last week, the firm denied that three of its senior executives knew about the data breach before selling off almost $1.8 million of their shares in the company.
“Consumers and media have raised legitimate concerns about the services we offered and the operations of our call center and website. We accept the criticism and are working to address a range of issues,” Smith said.
In the op ed, Smith advises customers to visit the Equifax website to determine whether their data is at risk and adds that the company is offering credit file monitoring and identity theft protection to every U.S. consumer.
“We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again. We will make changes and continue to strengthen our defenses against cyber crimes. We will make sure every consumer who wants protection has a full package of services. And we will continue to update everyone on our progress,” Smith said.