The hearing is being conducted by the Senate Homeland Security and Governmental Affairs Subcommittee on Investigations.
The subcommittee also released a report that strongly criticizes Equifax's handling of data security leading up to the stunning loss of the consumer credit data of 143 million people, announced on Sept. 7, 2017.
As CNBC previously reported, the data have never been found and the consensus among top cybersecurity and intelligence professionals is that the information was stolen by a foreign government to be used for spying.
The report is especially critical of how Equifax operated its technology and cybersecurity functions, and how employees talked about possible security flaws with top executives. In one passage, the report describes how executives allegedly shrugged off meetings in March 2017, when a critical flaw in open-source software called Apache Struts was causing havoc at many financial organizations. The flaw in Apache Struts, a ubiquitous software platform across the corporate world, went unpatched in one Equifax department and was ultimately the point of entry for the landmark cyberattack.
"The Subcommittee interviewed the leadership of the Equifax IT and security staffs and learned that none of them regularly attended these monthly meetings or specifically recalled attending the March 2017 meeting," the subcommittee's report says. "In addition, the Chief Information Officer who oversaw the IT department during 2017, referred to patching as a 'lower level responsibility that was six levels down' from him."
The CIO, Jun Ying, was fired soon after the incident, and Equifax CEO Richard Smith later stepped down. Ying has been charged with insider trading by the Securities and Exchange Commission, which alleges that "before Equifax's public disclosure of the data breach, Ying exercised all of his vested Equifax stock options and then sold the shares, reaping proceeds of nearly $1 million."
"Equifax has cooperated with the Subcommittee in its investigation and, while we do not agree with a number of findings and characterizations in the report, we remain committed to being transparent and cooperative, while sharing important learnings from the 2017 incident with the cybersecurity community," said Equifax spokesman Jacob Hawkins in a statement.
The credit-rating company has taken steps to improve its security practices, including hiring a new chief technology officer and chief information security officer and increasing technology and security spending incrementally by $1.25 billion between 2018 and 2020. Hawkins said it has also hired "nearly 1,000" new full-time technology and security professionals.
The report also criticizes Equifax for failing to properly preserve records of internal conversations about the breach. Employees used an internal chat service called Microsoft Lync, which was set to not preserve conversations. Although this is a typical data retention practice, companies often adopt different standards surrounding events that may lead to legal action, specifically enacting a "legal hold" on any employee conversations about the incident.
"During its investigation, the Subcommittee learned that Equifax employees conducted substantive discussions of the discovery and mitigation of the data breach using Microsoft Lync, an instant messaging product," the report says. "After discovering the data breach on July 29, 2017, Equifax did not issue a legal hold for related documents until August 22, 2017. Despite the legal hold, Equifax did not change the default setting on the Lync platform and begin archiving chats until September 15, 2017."
As for Marriott, the hearing will focus on last year's breach that affected as many as 383 million guest records.
Marriott reported its breach on Nov. 30. The company said the guest records were stolen in what has also been widely attributed to a nation-state attack. Marriott's breach did not include as much sensitive information as Equifax's did, but it did include a limited number of customers' passport and credit card data.
The hearing will take place from 10 a.m. to 1 p.m. ET, and will be available for streaming here.
Correction: This story was revised to correct the first name of former Equifax CEO Richard Smith.