Equifax's nation-destroying data-breach was subsequently revealed to be just the latest in a series of unbelievably careless IT blunders, and it eventually cost the company CEO his job; now his replacement has told Congress that he's not really sure if the company has finally started encrypting the detailed, compromising, sensitive data they nonconsensually harvest from every person in the USA.
The admission came at this week's Congressional Committee on Commerce, Science, and Transportation hearings on "Protecting Consumers in the Era of Major Data Breaches." That's where disgraced former CEO Richard Smith told Senator Cory Gardner [R-CO] that the company had intentionally chosen not to encrypt its data prior to the breach. When pressed to say whether the data is encrypted now, interim CEO Paulino do Rego Barros Jr said, "I don't know at this stage."
Smith added, "It's a more modern environment with multiple layers of security that did not exist before. Encryption is only one of those layers of security."
Gardner moved on to Barros and asked whether he has implemented encryption for data at rest since he took over the position on Sept. 26.
Barros began to answer by saying that Equifax has done a "top-down review" of its security, but Gardner interrupted, saying it was a yes or no question. Barros stumbled again and said it was being reviewed as part of the response process and Gardner pushed again.
"Yes or no, does the data remain unencrypted at rest?"
"I don't know at this stage," Barros responded.
Following Equifax breach, CEO doesn't know if data is encrypted
[Madelyn Bacon/Search Security]