The Equifax data breach that leaked information on the now-145 million people was caused by a vulnerability in Apache's Struts system.
Lawmakers said that at one point Equifax tweeted the wrong link for consumers to check to learn if they were part of the breach. The website used to determine whether someone was impacted in the breach will be updated to include the new potential victims by October 8, the credit monitoring company said in a statement.
However, Equifax has not yet announced how many of its non-American customers have had they data leaked. Cybersecurity firm Mandiant - which conducted the review - said that it found no evidence of new or additional hacker activity, and that the revised number was reached through a forensic investigation and quality assurance procedures. And while Mandiant found no evidence that databases outside of the USA were affected, about 8,000 Canadians are thought to have been impacted in the breach.
Members of Congress showed bewilderment Wednesday that credit reporting company Equifax (EFX), under siege after a data breach affecting more than 145 million people, has received a $7.25 million contract with the IRS to provide taxpayer and personal identity verification services. The flaw was disclosed in March, but Equifax failed to detect and fix the hole.
Equifax says fewer than 400,000 United Kingdom consumers had some of their personal information compromised, but it was more limited in scope and unlikely to lead to identity theft.
Representative Jan Schakowsky, an Illinois Democrat, said the attack should prompt a broader conversation about credit agencies, which collect credit data on consumers from businesses often without people's knowledge.More news: Backed Late-Term Abortion Ban Passes House
More news: JeM attacked BSF camp
More news: Las Vegas Shooter Wired $100K to Girlfriend's Home Country
The deal was finalized last week, according to the federal government website that tracks contracts.
Despite the major breach, Equifax received a no-bid contract from the Internal Revenue Service (IRS) for fraud protection on October 4, that's worth about $7.25 million. Politico, which first spotted the contract, obtained a letter to IRS Commissioner John Koskinen from Oregon Rep. Earl Blumenauer. And crucially, it was a no-bid, "sole source" contract - Equifax was deemed the only company capable of fulfilling demand.
The IRS' decision to award the contract to Equifax has drawn ire from lawmakers.
"We could have this hearing every year from now on if we don't do something to change the current system", said Rep. Joe L. Barton, R-Texas.
Smith was testifying before the Senate Committee on Banking, Housing and Urban Affairs. The company is under investigation by the Department of Justice, the FBI and the Federal Trade Commission.