The former Yahoo CEO and Equifax CEO were grilled over perceived failings surrounding two of the world’s largest data breaches in history.
Hackers easily got through both companies’ security systems and stole personal data belonging to millions of people. For two large organisations like Yahoo and Equifax, you’d think such breaches would never happen at all…
Both former company representatives reportedly started out by saying how they’d “changed” since the breaches, but they apparently also struggled when facing intense questioning.
Former Yahoo boss unable to answer questions
Marisa Mayer, former CEO of Yahoo, was reportedly unable to answer many of the questions posed to her, save for admitting that Yahoo still has no idea who the hackers were; how they got in; and even when the breach actually occurred. Mayer blamed Russian hackers, diluting her apology for the breaches with the excuse that it was apparently difficult for companies to fight against state-sponsored attackers.
The atrocity that is the Yahoo data breach affected some three billion user accounts in the end. As of June 2017, there are reportedly almost 3.9 billion internet users in the world, suggesting that a figure reflective of 78% of the internet population had their information stolen.
The hack against Yahoo included Tumblr and Flickr accounts.
Equifax and their failure to patch up known security vulnerabilities
The Equifax hack was just as embarrassing given that the firm is actually hired by companies and even states to check credit reports, and was hacked through a failure to patch up a known vulnerability.
Over 145 million people in the U.K., U.S., Canada and Mexico were thought to be affected, and we’re representing a number of Equifax data breach victims here in the U.K.
In this breach, instead of just usernames and passwords, the Equifax hackers stole a wealth of personal information including dates of birth, addresses, driving license numbers and partial credit card data; which is information that can be used to identify an individual and can therefore be used to commit serious bouts of identity theft and fraud.
Under questioning, they were scrutinised as to how they could flagrantly allow such delicate and sensitive information easily fall in to the hands of the hackers.
Equifax CEO reportedly falters under questioning
Equifax CEO, Richard Smith, also reportedly faltered under questioning, being unable to even answer the most basic questions about the huge data breach. He had previously expressed his apologies for the breach and aired his “deep regret”, but the former CEO will reportedly retire with a £68.7 million pay packet in his pocket.
“I take full responsibility”, he said, with assurances that, “Equifax is committed to make it whole for” their customers. When Smith said that this entailed a “comprehensive set of products”, Smith was asked if this would make the consumer “whole” again, and Smith responded that it would, “protect them going forward.” He was further pressed for an answer, giving an example of an affected consumer having a cybercriminal make fraudulent purchases through their bank accounts, asking whether these “comprehensive set of products” would “make them whole” by compensating them.
Smith was reportedly unable to confirm either way…
Smith listed the company’s action plan:
- Notifying the public
- Developing a help website and call centres
- Prepare for an increase in cyberattacks
- Co-ordinate with authorities in their investigations in the breach
Sounds like a good plan; but only if executed properly. Equifax delayed notifying the public and were still reportedly taking on customers when they knew about the breach.