A 2017 cybersecurity breach at credit bureau Equifax that affected close to 150 million Americans was “entirely preventable,” according to a report on Monday from the House Oversight Committee.
The Atlanta-based company “failed to implement an adequate security program to protect this sensitive data,” the panel wrote.
The report places the blame for the hack largely on former Chief Executive Officer Richard Smith, who after taking the top spot in 2005 began an ambitious plan to grow the company that included several acquisitions. The panel said that strategy helped amplify the scope of the hack.
“This growth brought increasing complexity to Equifax’s IT systems, and expanded data security risks,” the panel wrote. “Had the company taken action to address its observable security issues prior to this cyberattack, the data breach could have been prevented.”
In a statement, Equifax said it was “deeply disappointed” it did not have adequate time to review and respond to the report.
“During the few hours we were given to conduct a preliminary review we identified significant inaccuracies and disagree with many of the factual findings,” the company said. “We are generally supportive of many of the recommendations the Committee laid out for the government and private industry to better protect consumers, and have already made significant strides in many of these areas.”
Federal pressure on Equifax, a consumer credit-reporting firm that provides information on would-be borrowers seeking loans, has been mounting since the firm disclosed the hack, which affected nearly half the U.S. population. The company admitted in May that along with birthdays, Social Security numbers, and driver’s license numbers, roughly 3,200 passports were compromised.
Equifax’s stock fell 1.6 percent to $97.87 in New York trading. The shares have tumbled 17 percent over the past 12 months.
