Congressional Republicans say Equifax breach was "entirely preventable," blames "aggressive growth strategy" but reject measures to prevent future breaches
Equifax doxed 145 million Americans, dumping their most sensitive financial data into the world forever, with repercussions that will be felt for decades to come.
A Congressional panel convened to evaluate the causes of the breach has published its majority report, endorsed by the Republicans on the committee: Equifax, in a drive to attain fast growth, acquired companies at a rate that exceeded its ability to securely integrate them; it neglected its IT, resulting in a critical vulnerability remaining unpatched for 145 days; it did not engage in basic preparation like a breach notification procedure. In other words, this catastrophe was the result of greed triumphing over good management, and was thus "entirely preventable."
However, the Committee's Republican members refused to sign onto the very modest recommendations proposed by Democrats on the committee. These recommendations included "';requiring federal financial regulatory agencies to report their efforts to protect consumers from cybertheft and identify areas Congress could enhance agencies' authorities to achieve that goal,' guidelines for federal contractors to comply with established cybersecurity standards, a comprehensive notification law that dictates how victims of a victim breach must be notified and an amended Federal Trade Commission Act to 'strengthen civil penalties for private sector violations of consumer data security requirements.'"
Equifax released a statement complaining that they weren't given enough time prior to the committee report to prepare their spin.
"We are deeply disappointed that the Committee chose not to provide us with adequate time to review and respond to a 100-page report consisting of highly technical and important information. During the few hours we were given to conduct a preliminary review we identified significant inaccuracies and disagree with many of the factual findings," Equifax said.
"Equifax has worked in good faith for nearly 15 months with the Committee to be transparent, cooperative and shed light on our learnings from the incident in order to enrich the cybersecurity community," it added. "While we believe that factual errors serve to undermine the content of the report, we are generally supportive of many of the recommendations the Committee laid out for the government and private industry to better protect consumers, and have already made significant strides in many of these areas."
House panel issues scathing report on 'entirely preventable' Equifax data breach [Olivia Beavers/The Hill]