Former Equifax CEO Richard Smith testified before the Senate Banking Committee Wednesday morning about this summer's hack of the credit reporting agency he ran until his resignation last week.
"I am here today to apologize to the American people myself", he said.
The information stolen from Equifax included names, Social Security numbers, birth dates and addresses, the kind of information that could put people at risk for identity theft.
"The human error was that the individual who's responsible for communicating in the organization to apply the patch, did not", Smith said.
He said "between May 13 and July 30, there is evidence to suggest that the attacker (s) continued to access sensitive information".
Equifax has announced the results of a review which show that more consumers may have been caught up in last month's massive data breach. Fortunately for those living overseas, the security audit indicates that no databases outside of the United States have been affected.
Security personnel noticed suspicious activity on July 29 and disabled web application a day later, ending the hacking, Smith said.
The company is still investigating the implications of the hack on United Kingdom customers.
"It only applies to Equifax".
Equifax and an independent cybersecurity forensic consulting firm, Mandiant, worked "literally around the clock" to figure out what happened, Smith said.
Smith noted that an automatic scan for vulnerabilities, carried out on 15 March, also failed to indicate that Equifax was using a Struts version that had the vulnerability.
In regards to the three company executives that sold almost $2 million worth of stock on Aug.1 and August 2, just days after the company discovered there had been some sort of "suspicious activity", Smith said, to the best of his knowledge, these executives were unaware of the cyber intrusion.