Former Equifax CEO Richard Smith admitted failures during a House Energy and Commerce Committee hearing. Smith had already apologized in a video statement, but during the hearing, he mentioned his personal accountability:
"The criminal hack happened on my watch. I am truly and deeply sorry for what happened."
"The human error was that the individual who’s responsible for communicating in the organization to apply the patch, did not."
The TechCrunch writer seems to think this is ridiculous:
"The notion that just one person didn’t do their job and led to the biggest breach in history is quite an amazing claim and shows a fundamental lack of good security practices. But that’s what Smith says led to this disaster."
Smith and Equifax's CIO retired from the company after the news became public, which took a while: executives apparently knew about a software issue back in March, but the company didn't announce the breach until September.
A Wired article cites "6 Fresh Horrors from the Equifax CEO's Congressional Hearing." In addition to the delayed admission, the article attack's Equifax's technology, including inadequate patching, failure to encrypt data, limited security reviews, and insufficient website capabilities.
Another twist is this case is why three top people in the company sold $1.8 million in stock around the time they would have learned of the breach. Smith denies questions of integrity:
“I’ve know these individual for up to 12 years. They’re men of integrity. I have no indication that they had any knowledge of the breach when they made this sale."
- Assess Smith's testimony. What parts do you find most and least convincing?
- What else, if anything, should Equifax do now to rebuild trust?
- In what ways is this case an issue of integrity?