Equifax’s new CEO is very sorry.
“On behalf of Equifax, I want to express my sincere and total apology to every consumer affected by our recent data breach,” Paulino do Rego Barros Jr. wrote in an open letter published by the Wall Street Journal on Wednesday afternoon. “We didn’t live up to expectations.”
Equifax has a lot to apologize for. The company left a vulnerability unpatched for more than two months, allowing hackers to steal private data on 143 million customers. Hackers began infiltrating the Equifax network in March, but the intrusion wasn’t discovered until July.
“We were hacked,” Barros added. “But we compounded the problem with insufficient support for consumers. Our website did not function as it should have, and our call center couldn’t manage the volume of calls we received.”
Barros, who has only been on the job for a couple of days, didn’t mention other missteps. For example, Equifax chose to post information about the breach at equifaxsecurity2017.com instead of on equifax.com. That created an obvious risk of consumer confusion. At one point an Equifax representative on Twitter directed customers to visit a fake version of the site—securityequifax2017.com. Luckily, the site had been created by a security researcher trying to illustrate the problem with using a new domain rather than a fraudster looking to harvest peoples’ personal information.
In his Wednesday letter, Barros vowed to improve its website and hire more call center employees. He also said that Equifax is extending the deadline to sign up for free credit freeze and credit monitoring services until January.
Barros also vowed to offer a new service early next year “allowing all consumers the option of controlling access to their personal credit data.” It will be “offered free, for life.”