It seems that Richard Smith who was the CEO of Equifax until they got pwned by hackers in epic fashion and then “retired” very quickly started attending a variety of Congressional hearings today. In his testimony today, he issued an apology but deflected any blame for this epic pwnage:
During the hearing, Smith gave an inside perspective on how Equifax lost all that data. He opened with an apology, taking responsibility for the breach and the botched response.
The door was opened for the breach earlier this year. Equifax had learned in March about a weak spot in the Apache Struts software in a key computer system, but never patched it. Smith said Equifax did everything it was supposed to, but still failed to protect its data.
In his testimony, Smith laid the blame on a faulty scanner for not flagging the vulnerability on March 15 and on a single Equifax staffer responsible for mishandling patches on March 9. He did not name the person.
“Both human deployment and the scanning did not work. But the protocol was followed,” Smith said.
Wait… He was the CEO at the time. That means the buck stops with him as he is the leader of that company. Right? Isn’t that was leadership is about? I guess he doesn’t see it that way. I should note that he somehow didn’t ask if customer data was swiped and he couldn’t remember when he had spoken to people about the epic pwnage. None of that passes the smell test.
Oh, there was also this tidbit.
The company, which has 9,900 employees, only had one person in charge of its patching process, Smith said.
Clearly security wasn’t a focus for this company despite the fact that they handle all sorts of personal information. #EpicFail. One politician summed it up this way:
Several House committee members suggested federal laws to regulate credit monitoring companies like Equifax. [(R) Rep. Greg] Walden bluntly noted that it would be difficult to stop cyberattacks from human errors like the one Equifax suffered.
“I don’t think we can pass a law that fixes stupid,” Walden said.
No, but I think you can pass a law that punishes stupid stuff like this.
Like this:
Like Loading...
Related
This entry was posted on October 3, 2017 at 2:45 pm and is filed under Commentary with tags Equifax. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Ex Equifax CEO To Congress: It’s Not My Fault That We Got Pwned
It seems that Richard Smith who was the CEO of Equifax until they got pwned by hackers in epic fashion and then “retired” very quickly started attending a variety of Congressional hearings today. In his testimony today, he issued an apology but deflected any blame for this epic pwnage:
During the hearing, Smith gave an inside perspective on how Equifax lost all that data. He opened with an apology, taking responsibility for the breach and the botched response.
The door was opened for the breach earlier this year. Equifax had learned in March about a weak spot in the Apache Struts software in a key computer system, but never patched it. Smith said Equifax did everything it was supposed to, but still failed to protect its data.
In his testimony, Smith laid the blame on a faulty scanner for not flagging the vulnerability on March 15 and on a single Equifax staffer responsible for mishandling patches on March 9. He did not name the person.
“Both human deployment and the scanning did not work. But the protocol was followed,” Smith said.
Wait… He was the CEO at the time. That means the buck stops with him as he is the leader of that company. Right? Isn’t that was leadership is about? I guess he doesn’t see it that way. I should note that he somehow didn’t ask if customer data was swiped and he couldn’t remember when he had spoken to people about the epic pwnage. None of that passes the smell test.
Oh, there was also this tidbit.
The company, which has 9,900 employees, only had one person in charge of its patching process, Smith said.
Clearly security wasn’t a focus for this company despite the fact that they handle all sorts of personal information. #EpicFail. One politician summed it up this way:
Several House committee members suggested federal laws to regulate credit monitoring companies like Equifax. [(R) Rep. Greg] Walden bluntly noted that it would be difficult to stop cyberattacks from human errors like the one Equifax suffered.
“I don’t think we can pass a law that fixes stupid,” Walden said.
No, but I think you can pass a law that punishes stupid stuff like this.
Share this:
Like this:
Related
This entry was posted on October 3, 2017 at 2:45 pm and is filed under Commentary with tags Equifax. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.