Former Equifax CEO Richard Smith said Wednesday that the employee responsible for not updating the company’s security software had stepped down in the weeks after the massive data breach was revealed.
Smith made the revelation in a hearing before a Senate Judiciary privacy subcommittee, his third appearance before Congress this week.
In a hearing on Tuesday, Smith had told lawmakers that the breach could be attributed to a “combination of human error and technological error.” According to Smith’s testimony, an employee had failed to patch software, leaving Equifax’s consumer data vulnerable, and scanning software had failed to detect the vulnerability later on.
That employee hasn’t been identified and Equifax has stayed quiet until now about the person’s employment status.
Smith revealed Wednesday that the person was among a group of four people who left the company in the wake of the breach — a group that includes Smith, who retired last week ahead of his scheduled appearances before Congress. Equifax’s chief information and security officers also resigned.