Equifax is still investigating the details of what happened and Smith said providing consumers with adequate information in the aftermath was "challenging". It also said that the company doesn't plan to make any unsolicited emails or calls to its customers regarding the issue.
"The human error was that the individual who's responsible for communicating in the organization to apply the patch, did not", Smith said in the hearing.
Security personnel noticed suspicious activity on July 29 and disabled web application a day later, ending the hacking, Smith said. Smith will also testify later at a Senate Judiciary subcommittee on privacy.
Equifax has been raked over the coals for offering up a separate website to tell consumers seemingly at random if they'd been affected by the hack. This week, former Equifax CEO Richard Smith, who retired in the wake of the breach, is being grilled by lawmakers over the major infiltration and its impact on American consumers. The Mandiant forensic review added nearly 2.5 million to the estimated list of American customers, pushing the total figure up to a massive 145.5 million people altogether.
Tillerson says USA now in direct contact with North Korea
The remarks came just hours after it was revealed that the USA and North Korea have opened several channels of communication. He reiterated that Washington would not recognize North Korea as a nuclear power but also has no plans for regime change.
Representative Jan Schakowsky, an Illinois Democrat, said the attack should prompt a broader conversation about credit agencies, which collect credit data on consumers from businesses often without people's knowledge. In response, Walden said, "I don't think we can pass a law that, excuse me for saying this, fixes stupid".
The House Committee on Energy and Commerce's three-hour hearing was held to answer questions about this year's breach from mid-May to the end of July, when hackers obtained information on over 143 million people from Equifax, or about 44 percent of the US population.
The IRS has suffered its own embarrassing breaches, with the agency announcing on 6 April that the personal data of up to 100,000 United States taxpayers could have been compromised.
The company says in later communication that it "acted immediately to stop the intrusion".
"The company knows, however, that it was this unpatched vulnerability that allowed hackers to access personal identifying information". He said this to assure Congress members that core credit report files were not compromised or altered. Barros will also receive a one-time grant of $1.5 million in Equifax stock and will be eligible for at least $372,000 in additional compensation for performance.