Rueters reported that former Equifax CEO Richard Smith (who retired suddenly last week) provided written testimony that "Equifax was alerted to the breach by the U.S. Homeland Security Department on March 9, ..., but it was not patched".
Sasse's indignation was soon topped by Sen.
No current Equifax official testified at the hearing held by the Digital Commerce and Consumer Protection subcommittee of the House Energy and Commerce committee. Hackers stole Social Security numbers, birth dates and addresses, and in some instances driver's license numbers.
Neither the IRS nor Equifax immediately responded to a request for comment. The deal provides the IRS with "a critical service that can not lapse", according to the agency's notification on the database.
Equifax says fewer than 400,000 United Kingdom consumers had some of their personal information compromised, but it was more limited in scope and unlikely to lead to identity theft. The statement confirmed that the renewal was awarded to Equifax to prevent a lapse in service.
Several lawmakers on Wednesday also questioned why Equifax had been granted a contract with the Internal Revenue Service to help verify taxpayer data.
Smith served as the Chairman and CEO of Equifax for the last 12 years. He resigned after the breach was announced.
"Equifax has forfeited its right to corporate secrets", said Senator Sherrod Brown at a hearing.
"The company has been around for 118 years and for most of those 118 years has done good things", Smith said. "Fraud is a huge opportunity for us-it's a massive, growing business for us", Warren quoted Smith as saying in August. "It seems to me you might pay more attention to security if you had to pay everybody who got hacked a couple thousand bucks or something". Warren also proposed legislation, The Freedom from Equifax Exploitation (FREE) Act, which would require credit reporting agencies to offer customers free options to impose or lift a "credit freeze" that halts the sharing and selling of personal credit information to third parties. "We need to make it in place forever and make sure consumers have control over their own data", she said.
"The human error was that the individual who's responsible for communicating in the organization to apply the patch, did not", Smith, who did not name this individual, told the committee.
The company says in later communication that it "acted immediately to stop the intrusion".
Lawmakers said that at one point Equifax tweeted the wrong link for consumers to check to learn if they were part of the breach.