November 10, 2017
Members of the Senate Commerce Committee interrogated Equifax interim chief executive Paulino do Rego Barros, but not about the widely reported hack that compromised the personal data of more than 145 million U.S. consumers. The committee wanted to know why Equifax was storing the information to begin with, challenging Equifax’s right to profit from such personal information. The highlight of the meetings thus far has been Barros’ assertion that Equifax, not consumers, own the data collected about them and that people cannot remove themselves from the company files.
The Washington Post reports that “Sen. Cory Gardner (R-Col.) asked the current Equifax chief if it was right that the company maintains that arrangement,” but Barros declined to say whether it was right or wrong. Yahoo former chief executive Marissa Mayer, however, affirmed that consumers should own their own data.
Barros defended his company by saying that it is “actively engaged with consumers to make sure that they use the products that we have today.” But, when he said that 30 million people have visited the site to see if they were victims of the hack, Sen. Tammy Baldwin (D-Wis.) pointed out that it was a fraction of those impacted.
Barros also defended Equifax’s use of arbitration. The company is “facing multiple federal investigations over its handling of the hack and reports that executives sold an unusual amount of stock before the breach was publicly disclosed.”
The Wall Street Journal reports that since the breach, which was reported on September 7, Equifax has “quadrupled spending on security, updated its security tools and changed its corporate structure.” But when Sen. Gardner asked if Equifax is “encrypting the consumer data it stored on its computers,” Barros replied that he didn’t know.
Gartner Research analyst Avivah Litan said his answer was “disappointing” and something “he should have asked his staff the day he took over.” A spokeswoman later said that Equifax is in the process of “either encrypting or deleting” data on its computer storage systems and “deployed multiple methodologies to strengthen security and protect data.”
TechCrunch notes that, “Yahoo failed to recognize that 3 billion accounts — and not 500 million as first reported — were compromised in what was later revealed to be a state-sponsored attack by Russia.” Mayer admitted that, “the specifics of the attack still remain unknown.”
“We don’t exactly understand how the act was perpetrated,” she said. “That certainly led to some of the areas where we had gaps of information.”
Verizon chief privacy officer Karen Zacharia, present at the event where Mayer made that statement, “did not chime in to disagree with that assessment.” Verizon acquired Yahoo in June 2017, and within a week revealed “the vastly widened scope of the attack, which tripled to 3 billion affected users.”