The former boss of Equifax has defended the company’s handling of one of the biggest data breaches in history, in which the details of 145.5m people are thought to have been exposed.
Richard Smith, the chief executive of the credit reporting giant who stood down last week in the wake of the scandal, has told congress that both human error and software were to blame for the hack.
Read more: Deloitte was hit by a cyber attack
He said a single person was to blame, who “did not communicate the need to patch the software”, which then meant hackers were able to access the information. He also said scans of Equifax's systems failed to detect the suspicious activity.
That activity was eventually identified on 31 July, but the scale of the breach and whether any information had been stolen was not immediately clear at that time, he said. It was not publicly disclosed that millions of people's data had been breached until September.
External investigators were brought in to assess the severity of the situation, which became clear over time. He said the company had also put into action a plan to ensure it had enough staff to handle calls and created a website for consumers before the breach was made public. He added that Hurricane Irma took down two of its largest call centres in the first two days of disclosure.
The company is still investigating the implications of the hack on UK customers. Around 400,000 are thought to be affected after it was found some information inadvertently stored on US systems rather than UK ones had been accessed.
When questioned by the House subcommittee on the matter of executives selling shares just days after the breach was discovered, he said they did not know about the breach "to the best of my knowledge".