Be the first to like this
Your CEO Being called to testify in front of the U.S. Senate to explain why your customer data was breached is probably near the top of that “ worst case scenario” list.
“Infamous” is Not the Descriptor You Desire
What results come up when you google your company name or even your own name?
If Richard Smith, former Equifax CEO were to do that now his results would be, um, shall we say less than ideal?
Of the first 8 results when googling “Equifax”, 5 are related to the Equifax’s now infamous 2017 data breach. Two-thirds of the Equifax Wikipedia page is devoted to “security failings”. And news results—a year later—still mainly focus on their multiple breaches, rebuilding customer trust, and pending lawsuits.
Beyond the continuing bad optics of Equifax’s monumental security failings
is the excruciating pain of testifying publicly in front of the Senate Subcommittee on Privacy, Technology and the Law.
See our recap of the questions and how the testimony / senate grilling went. Here's a few of their these questions below:
Provide the Committee a detailed timeline of the breach…
Does Equifax employ a Chief Information Security Officer?
Do any members of Equifax’s board of directors have a background in information security?
Please provide us with copies of all penetration test and audit reports…
Does Equifax have procedures in place to receive and act on vulnerability reports from outside parties including security researchers?
At the time that the breach first occurred, were all of Equifax’s Internet-facing applications’ security updates installed?