Discussion: House GOPers, Dems Lash Out At Ex-Equifax Head Amid Questions Over Hack

Smith attributed the breach to human error and technological error, and said both errors have been addressed.

Then what were they?

Smith said the Department of Homeland Security warned the company on March 8 about the need to patch a particular vulnerability in software used by Equifax and other businesses. The company disseminated that warning by email the next day and requested that applicable personnel install the upgrade. The company’s policy requires the upgrade to occur within 48 hours, but Smith said that did not occur. The company’s information security department also ran scans on March 15 that did not pick up the vulnerability.

Having a policy in place means nothing if your IT is understaffed. Are they?