Richard Smith, former head of Equifax, apologized publicly on Tuesday for the massive data breach that affected the personal data of millions of people.
Richard Smith retired from his post last week, but he led the company through the time of the hack, which Equifax announced in early September.
Through an announcement on Monday, Equifax said that an independent review had reported that the estimated number of potentially affected U.S. consumers was as high as 145.5 million.
“The vulnerability remained in an Equifax web application much longer than it should have,” Smith said. “I am here today to apologize to the American people myself.”
Here is an excerpt from his speech:
I am here today to recount for this body and the American people, as best I am able, what happened when Equifax was hacked by a yet unknown entity and sensitive information of over 140 million Americans was stolen from its servers, and to outline the remediation steps the company took. We at Equifax clearly understood that the collection of American consumer information and data carries with it enormous responsibility to protect that data. We did not live up to that responsibility, and I am here today to apologize to the American people myself and on behalf of the board, the management team and the company’s employees.
Let me say clearly: As CEO I was ultimately responsible for what happened on my watch. Equifax was entrusted with Americans’ private data, and we let them down. To each and every person affected by this breach, I am deeply sorry that this occurred. Whether your personal identifying information was compromised, or you have had to deal with the uncertainty of determining whether or not your personal data may have been compromised, I sincerely apologize. The company failed to prevent sensitive information from falling into the hands of wrongdoers. The people affected by this are not numbers in a database. They are my friends, my family, members of my church, the members of my community, my neighbors. This breach has impacted all of them. It has impacted all of us. I was honored to serve as the chairman and chief executive officer of Equifax for the last 12 years, until I stepped down on Sept. 25. I will always be grateful for the opportunity to have led the company and its 10,000 employees.
Equifax was founded 118 years ago and now serves as one of the largest sources of consumer and commercial information in the world. That information helps people make business and personal financial decisions in a more timely and accurate way. Behind the scenes, we help millions of Americans access credit, whether to buy a house or a car, pay for college or start a small business. During my time at Equifax, working together with our employees, customers and others, we saw the company grow from approximately 4,000 employees to almost 10,000. Some of my proudest accomplishments are the efforts we undertook to build credit models that allowed and continue to allow many unbanked Americans outside the financial mainstream to access credit in ways they previously could not have.
Throughout my tenure as CEO of Equifax, we took data security and privacy extremely seriously, and we devoted substantial resources to it. We now know that criminals executed a major cyberattack on Equifax, hacked into our data and were able to access information for over 140 million American consumers. The information accessed includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. Credit card information for approximately 209,000 consumers was also stolen, as well as certain dispute documents with personally identifying information for approximately 182,000 consumers.
Americans want to know how this happened, and I am hopeful my testimony will help in that regard. As I will explain in greater detail below, the investigation continues, but it appears that the breach occurred because of both human error and technology failures. These mistakes – made in the same chain of security systems designed with redundancies – allowed criminals to access over 140 million Americans’ data.