Actionable news
All posts from Actionable news

Equifax CEO to Congress: Not Sure We Are Encrypting Data

Paulino do Rego Barros Jr., took over as interim CEO of Equifax in late September.

Two months after Equifax Inc. EFX -0.20% reported one of the worst data breaches in history, its interim chief executive told a congressional hearing Wednesday he wasn’t sure whether the company was encrypting consumer data.

Equifax announced Sept. 7 it was breached and that hackers accessed data including names, dates of birth and Social Security numbers for 145.5 million U.S. consumers. Several executives, including the CEO, stepped aside in the wake of the disclosure.

Equifax has quadrupled spending on security, updated its security tools and changed its corporate structure since the breach, Paulino do Rego Barros Jr., the interim chief, said during a hearing by the Senate Commerce Committee.

But Mr. Barros stumbled when asked by Sen. Cory Gardner (R., Colo) whether Equifax was now encrypting the consumer data it stored on its computers—a basic step in hiding sensitive information from hackers, and one the company previously had admitted it didn’t take before the breach.

“I don’t know at this stage,” Mr. Barros said.

The answer was disappointing, said Avivah Litan, an analyst with the research firm Gartner Inc. “He should have asked his staff that the day he took over,” she said.

Mr. Barros has been Equifax’s CEO since Sept. 26, when the company announced Richard Smith was retiring. Before that, Mr. Barros was head of the company’s Asia-Pacific business.

Equifax is in the process of “either encrypting or deleting” data stored on its computer storage systems, an Equifax spokeswoman said in an email. Since the breach, “Equifax has deployed multiple methodologies to strengthen security and protect data,” she said.

Since the breach was announced, nearly 32 million unique visitors have used Equifax’s website to go through the process of confirming whether their information was compromised, the company said. That represents approximately 22% of the affected U.S. consumers.

The breach is seen by some as a watershed moment for the credit-reporting industry. Lawmakers during the hearing said they were contemplating a variety of legislative responses, including a national breach-disclosure law and federal data-safety requirements.

Ms. Mayer apologized for a series of breaches that compromised 3 billion Yahoo user accounts, but said companies today face advanced adversaries. “Even robust defenses and processes are not sufficient to protect against a state-sponsored attack,” she said.

In March, the Justice Department charged four men, including two Russian spies, for their involvement in a 2014 attack on Yahoo, which is now a part of Verizon Communications Inc.