It’s difficult to imagine things getting much worse for Equifax Inc.
But late yesterday, Equifax disclosed that an additional 2.5 million Americans are potentially affected by the massive breach, bringing the company’s revised estimate to 145.5 million U.S. consumers.
Equifax says the additional consumer accounts were discovered during a forensic investigation.
The company’s disclosure came on the eve of testimony by its former CEO, Richard F. Smith, who will face three Congressional hearings this week.
First up is today’s hearing before the House Energy and Commerce Committee. You can watch the hearing live here, starting at 10 a.m. Eastern time. In a staff memo released over the weekend, lawmakers made clear that today’s hearing will focus on the sequence of events and breach disclosure issues, starting with the initial discovery of the breach through the time senior leadership was informed of the incident.
Equifax has already released Smith’s prepared testimony, which is long on apologies and details. “I am deeply sorry that this occurred,” he said in the statement. “Equifax was entrusted with Americans’ private data and we let them down.”
Smith’s statement also acknowledges a number of ball drops including IT staffers ignoring a public warning in early March concerning the software vulnerability that was exploited by the hackers to access Equifax’s system. Not only was an update to the software not made, but later security scans failed to detect the vulnerability.
Smith will testify on Wednesday before the Senate Committee on Banking, Housing, & Urban Affairs, and on Thursday before the House Financial Services Committee. The Senate hearing can be viewed here.