If you’re the new CEO of Equifax you have one job: find and fix the underlying problems responsible for your company exposing nearly 146 million people to identity theft. Paulino do Rego Barros Jr., the gentleman who got the gig after Richard Smith floated off on a golden parachute, told Congress Wednesday he wasn’t sure if his company was encrypting consumer data. What the hell Equifax?
The breach was discovered in July, and while the company didn’t report it until September, it’s had plenty of time to figure out the answer to the really easy questions.
The Wall Street Journal reports Mr. Barros replied “I don’t know at this stage,” when asked if Equifax was now encrypting consumer data.
The same Journal article also quotes a Gartner analyst, Avivah Litan, who says:
He should have asked his staff that the day he took over.
We couldn’t agree more. The problem with Equifax isn’t that it wasn’t strong enough to withstand the evil hackers of the world – the company wasn’t really hacked, its lackadaisical security was exploited. It left the doors wide open on the data of 145.5 million people; the hackers could have copied the information and left without needing to steal anything.
To err, of course, is human – but I defy anyone to come up with a good reason why Barros Jr. wouldn’t know if his company is using encryption to protect consumer data or not.
The company has been investigated by numerous government entities since it finally decided to reveal the breach in September. It’s being looked into for stock manipulation while Congress continues to dig for answers concerning how the company let the breach happen and what it’s doing about it.
The government doesn’t need a technology expert to explain why the breach happened when the person in charge can’t respond to softball inquiries about simple security practices.
Any company whose culture at the very top is one of “I dunno” when it comes to basic information security shouldn’t be entrusted with our citizens’ intimate financial details. Equifax simply cannot be depended upon to safeguard our information; the company shows zero accountability.
Rather than risk another answer from the company’s interim CEO that just makes the entire situation worse, perhaps the members of Congress should ask themselves a question. Namely, why in the hell is Equifax still in business?