The initial drama over Equifax's September data breach has mostly subsided, but the actual damage will play out for years. And indeed, there turns out to be plenty of spectacle and public controversy left.
It was all on display at a Tuesday Congressional hearing, in which lawmakers questioned Equifax's former CEO Richard Smith in an attempt to make sense of how things went so wrong.
Before delving into the hearing itself—which went poorly enough—it's worth mentioning that it was bracketed by further unfortunate Equifax revelations. The company announced Monday that the total number of people impacted by its breach is not 143 million—the amount it first disclosed—but in fact 145.5 million.
Equifax's former CEO attempts to make sense of how things went so wrong
Its ability to casually misplace 2.5 million lives upended by the breach is alarming, as is Tuesday afternoon's revelation that the IRS awarded Equifax a no-bid, multimillion-dollar fraud-prevention contract last week.
And there's a lot more where that came from. Here are six important (and astonishing, disappointing, you name it) tidbits that came out of Tuesday's hearing.
1. The timeline of when executives knew what about the breach is both disheartening and suspect
Equifax has previously said that it was breached on May 13 and that it first discovered the problem on July 29. The company notified the public on September 7.
But during Tuesday's hearing, former CEO Smith added that he first heard about "suspicious activity" in a customer-dispute portal, where Equifax tracks customer complaints and efforts to correct mistakes in their credit reports, on July 31. He moved to hire cybersecurity experts from the law firm King & Spalding to start investigating the issue on August 2. Smith claimed that, at that time, there was no indication that any customer's personally identifying information had been compromised.
Smith further testified that he didn't ask for a briefing about the "suspicious activity" until August 15, almost two weeks after the special investigation began and 18 days after the initial red flag.
Read entire post 6 fresh horrors from the Equifax CEO’s congressional hearing | WIRED