Content, Breach

Equifax Interim CEO Apologizes for Hack, Unveils Credit Locks Service

Paulino do Rego Barros Jr
Paulino do Rego Barros Jr

Equifax will launch a service that provides consumers with the ability to lock and unlock access to their credit, interim CEO Paulino do Rego Barros Jr. wrote in an op-ed for The Wall Street Journal. The service is expected to be released in January 2018 and will be available to consumers "free, for life," Barros noted.

In addition, Equifax will extend the sign-up period for TrustedID Premier, a free credit monitoring service available to all U.S. consumers, Barros indicated. Equifax earlier this month offered free identity theft protection and credit monitoring to those who may have been affected by the company's data breach; this incident exposed the personal information of approximately 143 million U.S. consumers.

> All Equifax Breach Coverage

Barros, who was named Equifax's interim CEO on Sept. 26, also apologized for his company's data breach. He pointed out that Equifax continues to explore ways to identify and address the data breach and ensure the company can avoid similar problems in the future.

"We compounded the problem with insufficient support for consumers," Barros stated. "Answers to key consumer questions were too often delayed, incomplete or both. We know it's our job to earn back your trust."

Equifax's former CEO, CIO and CISO all 'retired' this month amid the breach fallout.

New York DFS Subpoenas Equifax About Data Breach

The New York Department of Financial Services (NYDFS) has issued a subpoena to Equifax, according to Reuters. With the subpoena, the NYDFS is requesting Equifax provide more information about the data breach that the credit reporting firm disclosed this month.

Following the Equifax data breach, the NYDFS proposed that credit reporting agencies be subject to its cybersecurity rule that went into effect March 1. This rule requires banks and other financial institutions regulated by the NYDFS to create a program to protect consumer data and notify the department about data breaches.

Also, several federal and state agencies are already investigating the Equifax data breach, including the U.S. Department of Justice, Reuters noted.

What Caused the Equifax Breach?

The Equifax data breach was caused by a vulnerability in Apache Struts (CVE-2017-5638), an open-source application framework that supports the company's online dispute portal web application, the company indicated.

Equifax is working with cybersecurity services provider Mandiant to determine which consumer information was accessed during the data breach, the company said in a prepared statement.

To date, Equifax has lost roughly $4.5 billion in market value since it disclosed the data breach, Reuters reported.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.