Chief Executive Officer Richard Smith on Tuesday after hackers attacked the company's systems and got access to sensitive information for 145.5 million Americans.
"It seem to me you've accomplished something no one else has been able to accomplish: you've brought Democrats and Republicans together in outrage and frustration over what's happened", Anna Eshoo, a California Democrat, told Smith towards the end of his three-hour testimony, the first of four hearings he is scheduled to attend this week.
The company said Monday that an outside cybersecurity firm has completed its review of the breach and boosted its estimate of affected USA consumers to 145.5 million, an increase of 2.5 million. On Thursday, the company announced a new, free service that will allow consumers to lock and unlock their credit information for life, starting next year.
Smith said both technology and human error opened the company's system to the cyber hack, which has been a calamity for Equifax, costing it about a quarter of its stock market value and leading several top executives to depart. They are reviewing a data breach that affected an estimated 145 million Americans. But the "vulnerable versions" of the software were not identified or patched, Smith said.More news: Apple iPhone X buyers reportedly interested in the most expensive 256GB variant
However, Mr Smith said they were not aware at the time that personal information had been stolen. But that may not be enough for lawmakers and consumer advocates who have asked the credit agency for more extensive remedies and protections.
While most states require companies to inform consumers affected by cyberattacks, there's no federal notification law.
The company said hackers found the weakness and exploited it to gain access to names, Social security numbers and other sensitive personal information. Security experts have said that the ripple effects will be felt for years to come and that the ultimate costs are hard to discern.
But Equifax's former CEO (who suddenly retired last week) told the House Energy and Commerce Committee that a single IT technician was at fault for the whole thing after they failed to install the patch. Then Smith, the former chief executive, said that he, too, would step down.More news: New UKIP leader is Henry Bolton from Kent
In late July, data security officials noticed suspicious activity on a website, which Smith said "happens routinely around our business".
The company has said that it believes that hackers accessed Equifax Canada's systems through a consumer website application intended for use by USA consumers. US companies and government agencies have disclosed 1,022 breaches this year, according to the Identity Theft Resource Center.
Smith noted that in addition to his departure, the company's chief information officer and chief security officer also left the company following the breach.More news: EPA's Scott Pruitt also used private plane for government business