Security & Fraud

Equifax, Marriott To Get Grilled By Senate On Cybersecurity

Equifax, Marriott To Get Grilled By Senate

Equifax and Marriott executives are slated to appear before the Senate on Thursday (March 7)  to discuss what lessons the two companies have learned from some of the largest data breaches to hit corporate America.

According to CNBC, the Senate Homeland Security and Governmental Affairs Subcommittee on Investigations is holding the hearing, and has also released a report on how Equifax handled its data security leading up to the data breach that resulted in 143 million people’s credit card data being exposed. Equifax disclosed the hack in September of 2017. Marriott’s data breach, which occurred in late November, impacted the records of 383 million guests, but didn’t include as much sensitive data as the Equifax incident.

CNBC said the report is critical of the company’s tech and cybersecurity operations, as well as Equifax’s handling of employees’ warnings to a top executive about security flaws. One portion of the report depicts executives as shrugging off security meetings in March of 2017, at a time when a flaw in the open-source software Apache Struts was hurting financial companies. The flaw went unpatched at Equifax and created the entry point for hackers.

“The Subcommittee interviewed the leadership of the Equifax IT and security staffs and learned that none of them regularly attended these monthly meetings or specifically recalled attending the March 2017 meeting,” the report said. “In addition, the chief information officer, who oversaw the IT department during 2017, referred to patching as a ‘lower-level responsibility that was six levels down’ from him.”

In a statement to CNBC, Equifax spokesman Jacob Hawkins said the company has cooperated with the Subcommittee, and while it doesn’t agree with a number of the report’s findings, it is committed to being transparent. Since the breach, Equifax has hired a new chief technology officer and chief information security officer, and has also increased technology and security spending. The spokesman added that Equifax has hired close to 1,000 new technology and security employees.


Featured PYMNTS Study: 

With eyes on lowering costs to improving cash flow, 85 percent of U.S. firms plan to make real-time payments integral to their operations within three years. However, some firms still feel technical barriers stand in the way. In the January 2020 Making Real-Time Payments A Reality Study, PYMNTS surveyed more than 500 financial executives to examine what it will take to channel RTP interest into real-world adoption. Here’s what we learned.