[Infowarrior] - Equifax CEO to Congress: Not Sure We Are Encrypting Data

Fri Nov 10 15:55:24 CST 2017

Equifax CEO to Congress: Not Sure We Are Encrypting Data

Interim chief should have asked his staff ‘the day he took over,’ analyst says

Robert McMillan and
AnnaMaria Andriotis
Nov. 8, 2017 5:34 p.m. ET
39 COMMENTS

https://www.wsj.com/articles/equifax-ceo-to-congress-not-sure-we-are-encrypting-data-1510180486?mod=yahoo_hs&yptr=yahoo

Two months after Equifax Inc. EFX -0.19% reported one of the worst data breaches in history, its interim chief executive told a congressional hearing Wednesday he wasn’t sure whether the company was encrypting consumer data.

Equifax announced Sept. 7 it was breached and that hackers accessed data including names, dates of birth and Social Security numbers for 145.5 million U.S. consumers. Several executives, including the CEO, stepped aside in the wake of the disclosure.

Equifax has quadrupled spending on security, updated its security tools and changed its corporate structure since the breach, Paulino do Rego Barros Jr., the interim chief, said during a hearing by the Senate Commerce Committee.

But Mr. Barros stumbled when asked by Sen. Cory Gardner (R., Colo) whether Equifax was now encrypting the consumer data it stored on its computers—a basic step in hiding sensitive information from hackers, and one the company previously had admitted it didn’t take before the breach.

“I don’t know at this stage,” Mr. Barros said.

The answer was disappointing, said Avivah Litan, an analyst with the research firm Gartner Inc. “He should have asked his staff that the day he took over,” she said.

Mr. Barros has been Equifax’s CEO since Sept. 26, when the company announced Richard Smith was retiring. Before that, Mr. Barros was head of the company’s Asia-Pacific business.

Equifax is in the process of “either encrypting or deleting” data stored on its computer storage systems, an Equifax spokeswoman said in an email. Since the breach, “Equifax has deployed multiple methodologies to strengthen security and protect data,” she said.

Since the breach was announced, nearly 32 million unique visitors have used Equifax’s website to go through the process of confirming whether their information was compromised, the company said. That represents approximately 22% of the affected U.S. consumers.

The breach is seen by some as a watershed moment for the credit-reporting industry. Lawmakers during the hearing said they were contemplating a variety of legislative responses, including a national breach-disclosure law and federal data-safety requirements.

Wednesday’s data-breach hearing also included testimony from former Yahoo Inc. AABA 0.51% CEO Marissa Mayer.

Ms. Mayer apologized for a series of breaches that compromised 3 billion Yahoo user accounts, but said companies today face advanced adversaries. “Even robust defenses and processes are not sufficient to protect against a state-sponsored attack,” she said.

In March, the Justice Department charged four men, including two Russian spies, for their involvement in a 2014 attack on Yahoo, which is now a part of Verizon Communications Inc.

Appeared in the November 9, 2017, print edition as 'Equifax CEO Unsure If Data Is Encrypted.'