The hearing appeared to ease concerns on Wall Street.
Separately Monday, former CEO Richard Smith said in testimony prepared for a congressional hearing that the security team at Equifax failed to patch a vulnerability in March after getting a warning about the flaw.
Lawmakers were unsatisfied by the company's apologies.
Representative Debbie Dingell, who is cosponsoring a House bill that would require prompt notification by companies in the event of a breach, told Gizmodo that Equifax should not be awarded any federal contracts until more is known about the company's handling of the incident. The outcry has increased the odds of new rules or laws governing the credit-reporting industry. Credit freezes-which have been widely recommended in the wake of the Equifax breach as a way to prevent identity theft-typically cost between $3 and $10, and fees are also charged anytime a customer wants to lift or reinstate a freeze.
"Of course, breaches will continue to occur, but they occur more often when there is no accountability and when no preventative measures are in place", Pallone said.
Congress members were unsatisfied with Smith's apologies.
Mandiant, which was retained to carry out the investigation after Equifax first discovered the breach, found that an additional 2.5 million Americans were impacted, bringing the total to 145.5 million. Smith said it by way of promoting the benefits of Equifax's new "lock" product.
Smith said the full extent of what occurred emerged during a meeting he had with cybersecurity experts and outside counsel on August 17. He told Politico in a statement that "it's irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed".
Meanwhile, Equifax is under investigation by the Department of Justice, Federal Trade Commission, Securities and Exchange Commission and Consumer Federal Protection Bureau, as well as by more than 40 state attorneys general. But the "vulnerable versions" of the software were not identified or patched, Smith said.
During his five minutes of allotted questioning, Scott, R-S.C., laid out the timeline Smith had given the committee thus far during his testimony, picking at the discrepancy of when company executives sold stock and when the public was informed of the breach. But, Latta argues companies like Equifax must protect private details, like social security numbers. Critics have long condemned the widespread reliance on and use of the numbers as insecure. The company said a review of the impact on British consumers was still being analyzed.
"It is time to have identity verification procedures that match the technological age in which we live", he said.