The former head of Equifax repeatedly apologized Tuesday for a massive data breach the company revealed last month that affected millions of Americans.
Richard Smith, who retired as Equifax CEO last week in the wake of the scandal, was grilled by Congress about how hackers were able to steal the personal information of more than145 million Americans from the credit monitoring firm.
No current Equifax official testified at the hearing held by the Digital Commerce and Consumer Protection subcommittee of the House Energy and Commerce committee.
"The criminal hack happened on my watch, and as CEO, I am ultimately responsible, and I take full responsibility," Smith said. "I am here today to say to each and every person affected by this breach, I am truly and deeply sorry for what happened."
In the breach, which was first discovered in late July but not made public until several weeks later, hackers were able to obtain names, addresses, dates of birth, Social Security numbers and credit card numbers.
Also Tuesday, the company announced 2.5 million more Americans were affected than previously acknowledged.
Smith also said the breach was the fault of a single individual whom he did not name, who failed to install a patch for a vulnerability in software used by the company.
"The human error was that the individual who's responsible for communicating in the organization to apply the patch, did not," Smith said.
Lawmakers slammed Smith and Equifax, with many calling for tighter government regulations to stop future hacks.
"Equifax deserves to be shamed in this hearing, but we should also ask what Congress has done, or failed to do, to stop data breaches from occurring," Congresswoman Jan Schakowsky said.
