Equifax chief executive Richard Smith has stepped down amidst the spiraling aftermath of an enormous data breach that affects 143 million people, including most adult Americans and around 400,000 Britons.
Paulino do Rego Barros, the former president of the company's Asia Pacific division, has taken up the mantle of interim CEO; and, Equifax's board of directors has appointed board member Mark Feidler as Equifax's nonexecutive chairman.
"The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right,” Smith said in a statement. “At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward."
The credit reporting giant which, among other things, is responsible for determining credit scores based on people’s debt loads, credit repayment histories, credit availability and so on, revealed the breach earlier in September, a full six weeks after it was discovered.
The incident, which the company blamed on an Apache Struts vulnerability, saw criminals make off with names, Social Security numbers, dates of birth and physical addresses, along with potential information on credit accounts, including the type of account, when it was opened, the limit, and the balance and payment history, and information on consumers' address history and debt.
The company’s lack of timely acknowledgment of the incident and questions around its data governance has drawn the ire of millions of individuals and businesses that could be affected by follow-on phishing, fraud, extortion and identity theft attacks. The fallout has already begun: Its CSO and CIO have already stepped down; and the company is the defendant in a class-action suit that argues that an estimated 28 million small business operators in the US face special risk of suffering multiple damages arising from the spectacularly wide-ranging data breach. It’s likely that the company will face more consequences as time goes on and more is discovered about the circumstances surrounding the breach and its disclosure.
“The Board remains deeply concerned about and totally focused on the cybersecurity incident,” Feidler said in the statement. “We are working intensely to support consumers and make the necessary changes to minimize the risk that something like this happens again. Speaking for everyone on the Board, I sincerely apologize. We have formed a Special Committee of the Board to focus on the issues arising from the incident and to ensure that all appropriate actions are taken.”
Equifax’s isn’t the only notable finance-related breach that’s come to light this month: Both Deloitte and the US Securities & Exchange Commission (SEC) are reeling from exposures that affect some of the largest companies in the world.
Have you registered for Infosecurity North America taking place in Boston, 04-05 October 2017? For the full agenda, speaker list and more information, please visit https://www.infosecurity-magazine.com/conferences/infosecurity-north-america/