IRS hires Equifax despite massive data breach

Former chairman and CEO of Equifax Richard Smith

The company released the new figure after cybersecurity firm Mandiant, which Equifax hired to investigate the breach it disclosed on September 7, finished the forensic portion of its probe. NY has also issued a subpoena in regards to the massive breach and the city of San Francisco has opened up a lawsuit against Equifax on behalf of the 15 million Californians affected by the hack. Between May 13 and July 30, there is evidence to suggest that the attacker (s) continued to access sensitive information, exploiting the same Apache Struts vulnerability.

Smith said hackers tapped sensitive information between mid-May and late-July.

"It's not uncommon for us to engage forensic audit for instance, it's not uncommon for us to engage outside counsel to help us think things through when there is suspicious activity", he said.

"It's time we change the paradigm of who controls and who accesses credit data", he said.

"We're all going to have to work together to make sure that consumers are protected across the board", Lewis said, "this is just a new age, a new era where so much information is available across the board". Credit freezes-which have been widely recommended in the wake of the Equifax breach as a way to prevent identity theft-typically cost between $3 and $10, and fees are also charged anytime a customer wants to lift or reinstate a freeze.

When asked why a different web address was needed, Smith said the company had to create a new site because its usual web address simply wasn't able to deal with the anticipated deluge of visitors.

An Ontario resident files a proposed class action in the province, seeking $550 million in damages from Equifax, according to Toronto-based law firm Sotos LLP.

Equifax sent emails about the federal warning to workers responsible for the software, which is used in the company's consumer online disputes portal.

The update comes as Equifax's former CEO, Richard Smith, who announced his retirement last month, will testify in front of Congress starting Tuesday.

In addition to Congressional inquiries, the FBI is also looking into the data breach and has reportedly opened a criminal investigation. In its financial filings, it said it relies "extensively" on the "voluntary contribution on credit data from most lenders in the U.S".

"At the end of the day, companies have to be more vigilant about patching their software", said Dimitri Sirota, CEO of security software maker BigID. Both are replaced with internal employees on an interim basis effective immediately.

Attorney General Josh Shapiro came to the Capitol on Tuesday to blast Equifax and to throw his support behind a pair of bills meant to better protect consumers after breaches like the one that hit the credit reporting agency this summer. That lost data includes millions of people living in Washington and Oregon.

Rep. Joe Barton (R-Texas) was also skeptical of Smith, as he said that a law should be set that would fine Equifax for every consumer who's been affected by the breach.

On March 15 Equifax ran a scan of its systems which should have discovered the patch hadn't been applied.

"As CEO, I was ultimately responsible for what happened on my watch", he said.

Instead, Mandiant says that approximately 8,000 Canadian consumers may have been impacted by the breach due to affected credit cards.