The massive data breach has also led to a number of high-profile departures at the Atlanta-based consumer credit reporting agency, including its chief executive, chief information officer and chief security officer.
The chairmen of two congressional committees say in a letter to Equifax CEO Richard Smith that they are investigating the breach and ask for a slew of documents and a company briefing by September 28.
Equifax said hackers exploited a months-old, unpatched Apache Struts flaw to carry out the breach, dubbed one of the largest and worst-ever breaches in USA history due to the sensitive nature and value of the data compromised. "To each and every person affected by this breach, I am deeply sorry that this occurred".
The breach, which happened in May, was discovered in July, but only disclosed last month, gave hackers access to social security numbers, birth dates, addresses, driver's license numbers and credit-card information.
The hack exposed the personal information of as many as 143 million people, the company said.
The Department of Homeland Security notified Equifax in March about vulnerable software, and the company failed to protect consumers, CBS News' Weijia Jiang reported.
Smith blamed human and technological errors, which can't be eradicated.
Equifax alone spent more than $1 million previous year lobbying lawmakers and regulators to relax rules on credit reporting companies, according to congressional lobbying disclosure forms.
"The vulnerability remained in an Equifax web application much longer than it should have", Smith said in remarks prepared for delivery on Tuesday.
Equifax was still 24 hours away from bringing King & Spalding on board when Equifax Chief Legal Officer John Kelly on August 1 personally approved a sale of Equifax stock by Chief Financial Officer John Gamble, Smith testified Tuesday.
His office is leading a joint investigation into Equifax's data breach that now involves his counterparts in 46 other states, Shapiro said. Smith resigned after it was determined sensitive information for 145 million Americans was stolen from company databases. Smith will also testify in two other congressional hearings during the week.
"I don't think this is resolved", said Rep. Anna Eshoo.
Equifax said it was still determining the extent of the breach for United Kingdom consumers.
Smith stepped down as CEO three weeks after the breach was announced to the public.
- Separately, the administration of President Donald Trump is considering replacing the use of Social Security numbers as personal identifiers in the wake of the Equifax hack, White House cyber-security coordinator Rob Joyce said at a conference on October 3, Bloomberg reported.
Credit freezes-which have been widely recommended in the wake of the Equifax breach as a way to prevent identity theft-typically cost between $3 and $10, and fees are also charged anytime a customer wants to lift or reinstate a freeze.