Equifax CEO Richard F. Smith retired today, stepping down in the wake of a massive data breach that leaked Social Security Numbers, birthdates, addresses, and other personal data of 143 million people. Smith, who held the position since 2005, follows the company's CSO and CIO, who both resigned Sep. 14.
The credit reporting firm has received sharp criticism for both its data security practices and its breach response efforts.
Attackers lifted the data by exploiting an unpatched vulnerability in the company's website. The public was not notified until months after the incident was discovered. Services set up to inform individuals whether or not they were impacted were fraught with problems -- giving users conflicting information and requiring them to waive certain legal rights (until public outcry pressured Equifax to remove the clause). An offer of one year of free credit reporting, from the very credit reporting firm that had just been breached, was also considered insufficient.
There were also questions of corruption, as three Equifax executives, including the CFO, sold their shares in the company in the days following the breach discovery. Equifax has stated that these executives were unaware of the incident at the time.
Both state and federal government bodies have launched investigations into the Equifax incident. Smith had agreed to testify before the House Energy and Commerce Committee in early October.
Read more at Reuters and theNew York Times.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.