The breach compromised some of our most sensitive personal information, including Social Security numbers, addresses, and driver's license numbers. It's part of a round of hearings Congress is conducting on Capitol Hill this week in the wake of the breach.
"The list of companies and government agencies that have suffered major hacks at the hands of sophisticated cybercriminals is sadly very long, and growing", Smith stated.
"To each and every person affected by this breach, I am deeply sorry that this occurred", said Smith in written testimony obtained by the Los Angeles Times on Monday.
The former CEO said hackers were able to infiltrate a software weakness in an online portal that allows consumers to dispute items on their credit report.
The investigations are expected to involve the alleged errors by Equifax leading up to the breach and in handling the breach.
Equifax Inc is reviewing its Chief Legal Officer John Kelly's involvement in stock sales by company executives made weeks before the credit-reporting service disclosed a massive data breach, the Wall Street Journal reported on Sunday.
He convened a September 1 board meeting to discuss the size of the breach, the ongoing investigation, and the company's public disclosure and response.
It's the first of several appearances taking place this week before House and Senate panels. Walden said in opening remarks at the hearing.
On March 9, the company directed "applicable personnel" to patch that vulnerability.
"Consistent with Equifax's patching policy, the Equifax security department required that patching occur within a 48-hour time period", Smith wrote.
Smith noted that in addition to his departure, the company's chief information officer and chief security officer also left the company following the breach.
Equifax identified an intrusion on 29 July, and Smith said he was informed of the problem two days later, but it was only in mid-August that an investigation revealed the extent of the breach.
Smith said hackers tapped sensitive information between mid-May and late-July. The company's security team blocks the identified suspicious traffic. The three senior executives dumped nearly $2 million worth of stock days after the company learned of the breach, Securities and Exchange Commission filings show.
Smith described the executives as "honorable men, men of integrity".
Schakowsky said "for a lot of Americans, that just doesn't pass the smell test". He said he was alerted the following day, but was not aware of the scope of the stolen data.
"I worry that your job today is about damage control".
Equifax says the greater count of breach victims comes via databases and tables already known to have been breached. "Unfortunately, if fraudsters destroy my constituent's savings and financial futures, there's no golden parachute awaiting them".
One reason for the delay, Smith said, was experts had told company executives that notifying the public "would provoke "copycat attempts" and other criminal activity".
"Talk about ham-handed responses, this is simply unacceptable", said Rep. Greg Walden, R-Ore. Instead, the number is roughly 8,000 people.
Data on British consumers that Equifax said it was inadvertently storing on US servers was also exposed in the breach.