Equifax CEO Richard Smith has broken his silence on the massive data breach that affected millions of consumers.
In an opinion article published late Tuesday in USA Today, Smith apologized for the crisis, describing the hack as “the most humbling moment in our 118-year history.”
“We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again,” he wrote. “We will make changes and continue to strengthen our defenses against cyber crimes.”
Equifax has come under fire for its handling of the huge cybersecurity breach, which compromised the personal information of as many as 143 million Americans. The company is one of three nationwide credit-reporting companies that track and rate the financial history of U.S. consumers, gathering data from credit card companies, banks, retailers and lenders.
After detecting the hack, Equifax waited six weeks before it alerted the public last week. Rather than notifying people who were affected, it set up a website that wasn’t ready for days.
Equifax offered free credit monitoring — but initially required those who enrolled to waive their right to sue the company. (It later backtracked, allowing people to sue if they sent it written notice within 30 days.)
After issuing an initial statement when the company announced the breach, Smith had stayed silent amid the uproar.
In his article Tuesday, the CEO acknowledged some of the problems.
“Consumers and media have raised legitimate concerns about the services we offered and the operations of our call center and website,” he wrote. “We accept the criticism and are working to address a range of issues.”
He also addressed the delay in notifying consumers about the breach, saying the company initially “thought the intrusion was limited.”
A cybersecurity firm Equifax brought in to investigate “devoted thousands of hours during the following weeks” looking into the hack, Smith said.
The company is now doing everything it can to support those affected, he wrote: “Our team is focused on this effort, and we are engaged around the clock in responding to millions of inquiries from consumers.”
And he sought to play down fears about how much information had been compromised.
“Outside investigators found no evidence of unauthorized activity on our core consumer or commercial credit reporting databases,” Smith said.
Equifax has warned, though, that credit card numbers for about 209,000 people were exposed in the breach, as was “personal identifying information” on roughly 182,000 customers involved in credit report disputes.