Equifax 's new CEO Mark Begor told senators Thursday that the credit ratings agency has made many changes since its 2017 breach of the personal information of 143 million people, but he also defended the company against a harsh new Senate report about the incident, saying in a prepared statement:"The fact that Equifax did not have an impenetrable information security program and suffered a breach does not mean that the company failed to take cybersecurity seriously.
The Senate report says that unlike Equifax, the company's competitors Experian and Transunion"were able to avoid a similar data breach." Equifax has added four new directors and created an"audit framework" meant to give the board of directors security benchmarks that they understand, and that can make it easier to record progress, Begor said. The company has also planned to spend $1.25 billion more between 2018 and 2020 on security and IT as a result of the incident.
Marriott's breach of 383 million guest records, announced November 30, has been suspected of also being executed by a nation-state, security experts have said. In Marriott's case, the breach affected the company's legacy Starwoods information system and lasted over the course of four years. Marriott completed its acquisition of Starwood in September of 2016. Carper said he had questions about Marriott's data retention policies, specifically why the company needed to retain data on"millions" of passports for an extended period. He also suggested companies needed to tweak their merger due diligence process to focus more keenly on cyber threats.