OTTAWA -- MPs chastised an Equifax Canada executive Monday for not doing more to make amends to thousands of Canadians whose personal information was compromised by hackers. John Russo, chief privacy officer for the Canadian branch of the global credit-reporting firm, faced a barrage of pointed questions at a House of Commons committee over how the breach happened and the adequacy of the company's response. Russo unreservedly apologized for the lapse at Equifax's U.S. parent that affected 19,000 Canadians this year. "Being a trusted steward of information has long been one of Equifax's core principles, so we were devastated when this happened," Russo told the Commons committee on information, privacy and ethics. "I can assure you that in the months and years leading up to this incident, Equifax U.S. did not take data protection lightly. In fact, it has invested aggressively, particularly over the past five years, in security and network resilience. Nevertheless, a cyberattack and breach occurred, and information was stolen by criminals." The breach included names, addresses and social insurance and credit card numbers, as well as usernames, passwords and secret question/secret answer data. Hackers also accessed or stole the personal data of 145.5 million U.S. consumers and nearly 400,000 Britons in the breach, which was discovered July 29. Equifax first notified the public of the breach on Sept. 7, though it says the unauthorized access is thought to have happened from mid-May through July. Equifax has notified affected Canadians by mail -- making efforts to ensure it has up-to-date postal addresses -- and has offered them free credit monitoring and identity theft protection for one year. The protection includes daily credit monitoring with alerts, daily access to personal Equifax credit reports and scores, Internet scanning of suspicious credit-card number and SIN use, and up to $50,000 of identity theft insurance to help affected people with out-of-pocket expenses. Conservative MP Bob Zimmer, the committee chairman, said given that the effects of identity theft "can be life-changing," $50,000 seems insufficient to cover people. "They might not be able to buy a