Follow CBSMIAMI.COM: Facebook | Twitter

WASHINGTON (CBSMiami) – Former CEOs of Yahoo and Equifax brought apologies to Capitol Hill as they faced lawmakers with questions about the massive data breaches at their companies and what can be done to protect consumers’ personal information.

“As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users,” Marissa Mayer, the former Yahoo CEO.

“Apologize deeply to American public for breach that we had,” added former Equifax CEO Richard Smith.

The Equifax breach exposed personal information of 145 million Americans earlier this year.

And a hack against Yahoo in 2013 affected all of its 3 billion user accounts.

“How do you really think you could have protected yourself?” Florida Sen. Bill Nelson asked Mayer.

“Even robust defenses and processes are not sufficient to protect against a state sponsored attack,” she responded.

But hackers exploited human and technological errors at Equifax, and lawmaker pressed the current CEO on new cyber security measures.

“Do you send 50 percent more today than you did before?” asked Kansas Sen. Jerry Moran.

“Four times more,” replied Equifax Interim CEO Paulino do Rego Barros Jr.

Lawmakers and all of the witnesses agreed that protecting personal information online is a moving target.

“We describe this as arms race, hackers become ever more sophisticated and we have to become sophisticated in turn,” Mayer said.

Panelists said Americans will need a new dynamic form of identification.

“Social security number a static identity as a basis for our online identity will not be secure is not secure and will never be secure in the future,” said Entrust Datacard Corp. CEO Todd Wilkinson.

There was consensus the industry and government should work together to come up with legislation for national data security and breach.

  1. All of your measures. Your IT group neglected to put a patch on your Apache software, and evidently did not have your data encrypted. Which is all against SOX compliance which is suppose protect your stakeholders.