Equifax CEO Resigns After Historic Data Breach

By Nathaniel Mott
published

Weeks after it revealed a data breach that compromised the personal data of 143 million Americans, Equifax announced the retirement of chairman and CEO Richard Smith. It also elected a new chairman, appointed an interim CEO, and started the search for Smith's replacement.

Smith's departure follows scandal after scandal involving the company's handling of its data breach. It's not just that the names, addresses, and Social Security numbers of a significant portion of the U.S. population were stolen from a company many people cared little about before this hack. It's that at every step, from the unpatched vulnerability that enabled the breach to its disclosure timeline, Equifax stubbed its toe.

Let's recap:

These missteps show a pattern of carelessness and greed amidst a data breach that will affect many Americans long into the future. Equifax wasn't hacked by criminal masterminds; it was targeted by someone who was simply curious enough to see if a company that holds incredibly sensitive information about millions of Americans had bothered to install a patch months after it was released. That lark just happened to pay off.

Not that the hackers are the only ones who stood to profit from the breach. Fortune pointed out that Equifax acquired an identity protection firm, ID Watchdog, after the breach was discovered but before it was disclosed. One could give Equifax the benefit of the doubt and think it wanted to bolster its defensive capabilities. One could also believe the company "predicted" that protective services would "mysteriously" rise in popularity.

Here's what Equifax's new chairman, Mark Feidler, said about the decision to "retire" Smith:

The Board remains deeply concerned about and totally focused on the cybersecurity incident. We are working intensely to support consumers and make the necessary changes to minimize the risk that something like this happens again. Speaking for everyone on the Board, I sincerely apologize. We have formed a Special Committee of the Board to focus on the issues arising from the incident and to ensure that all appropriate actions are taken.

Equifax's next moves will make it clear whether Feidler truly plans to address the company's deep issues or if Smith is merely a scapegoat.

Nathaniel Mott
Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

Topics
Security
18 Comments Comment from the forums
  • JamesSneed
    This is just ridiculous.
    Reply
  • g-unit1111
    Resigns? He put half the country in financial jeopardy. He should be investigated and prosecuted to the maximum extent the law allows.
    Reply
  • dark_lord69
    Equifax = We have your info without your permission
    I would like to see all 3 go down in flames and replaced by a new branch of government.

    Why?
    -because it affects nearly 100% of americans
    -because it's too important to leave to private companies to F-up
    -wrong items are never corrected unless you submit a letter/correction request
    -For political leaders credit reporting companies fix their credit reports for them so they don't have to deal with the nightmares that can happen. (must be nice) That's also way the government allows these companies. If your opinion matters (in politics) your credit history will be managed for you so you continue to have a positive opinion of these companies.
    Reply
  • gangrel
    And putting it completely in the government's hands is better? NOT. While I'd be somewhat concerned about intentional misuse, my primary concern is that government systems and code are FAR behind industry.

    That said, one thing I question is the degree of oversight, and the general effects of deregulation. How much accountability is there, really? The CEO is unlikely to go to jail; I'm not sure he'll ever get fined. Oh, he got fired...and odds are, will never work again. Poor boy only has the remains of his 8-digit annual salary and stock options to fall back on. Wahh. Gee, he won't be able to attend all 4 Grand Slams, if he's a tennis guy...he'll have to cut back to just 2. Terrible....feel for him.............

    Not that there's a snowball's chance of adequate compensation, should this really blow up.
    Reply
  • g-unit1111
    20212931 said:
    Equifax = We have your info without your permission
    I would like to see all 3 go down in flames and replaced by a new branch of government.

    Why?
    -because it affects nearly 100% of americans
    -because it's too important to leave to private companies to F-up
    -wrong items are never corrected unless you submit a letter/correction request
    -For political leaders credit reporting companies fix their credit reports for them so they don't have to deal with the nightmares that can happen. (must be nice) That's also way the government allows these companies. If your opinion matters (in politics) your credit history will be managed for you so you continue to have a positive opinion of these companies.

    You are aware that the government already has *TONS* of safeguards in place to protect consumers from credit fraud right? Most were implemented under FDR during the Great Depression.
    Reply
  • dstarr3
    Let me guess, he got a $500,000,000 exit bonus on top of it.
    Reply
  • kookykrazee
    Did he resign or retire? I have read articles stating both.
    Reply
  • gangrel
    "Resign" appears to be much more commonly used.

    Also, CEOs commonly announce retirement dates 12-18 months in advance, in order to promote a smoother transition and not shake investor confidence. So resign is more accurate, but the action is also triggering retirement clauses (including an $18M *pension*.)
    Reply
  • ubercake
    The fact that one company can hold enough information that someone else can assume your identity on paper is scary. In the U.S. we have 3 bureaus with this information. The credit bureaus, if they are going to continue to hold this information, need to be held to the highest security standards in order to protect the citizens of any nation utilizing them. The crime of allowing the data to be compromised to this extent needs to be punished and a precedent set that makes each of the bureaus question whether they should continue to exist.

    Someone fraudulently uses your bankcard? You see it on your statement or the bank notices unusual activity and the bank issues you a new card/number.

    Someone fraudulently uses your SSN (and you may not even know it's in use)? Unless you can prove to the U.S. government that you have been damaged in some way by the fraudulent use of your SSN, you won't be issued a new SSN.

    I say sign this petition so SSN becomes a worthless commodity and they come up with a new way to ID us all that is more than a simple number:
    https://petitions.whitehouse.gov/petition/equifax-data-breach-and-social-security-numbers-what-government-doing-protect-143-million-citizens
    Reply
  • gangrel
    It's actually likely, IMO, that people are already considering the issue. It's an extremely complex problem because the SSN is ubiquitous, and also to do it in a way that doesn't involve privacy issues.

    I don't think such a massive change is necessary. It's clear that there were major security issues, which should be addressed. For example, the seurity patch that was not applied? Require confirmation that all critical patches are installed. The situation where the admin/admin log-in was left active...require a security audit for all servers.

    Finally, it is not clear to me that any actual crime was committed by Equifax. They broke trust; they are absolutely open to civil liability. But not necessarily criminal.
    Reply