Equifax says CIO, chief security officer to leave after breach

Equifax Inc. said two of its senior executives are leaving as the credit-reporting company faces mounting public anger for losing data on 143 million Americans in one of the biggest cyberattacks in history.

The firm’s chief information and chief security officers are retiring immediately, the Atlanta-based company said Friday in an emailed statement that didn’t name the individuals. Mark Rohrwasser was named interim CIO and Russ Ayres was appointed interim CSO, reporting to Rohrwasser, according to the statement.

Equifax has faced withering criticism since disclosing Sept. 7 that hackers stole sensitive data — including Social Security numbers, birth dates and other identifying information — for much of the adult U.S. population. Lawmakers have since threatened to boost oversight of the industry, whose knowledge of consumers can, in the wrong hands, be used for identity theft and fraud. The Federal Trade Commission even took the rare step of announcing a probe, citing the “intense public interest and the potential impact.”

A monitor displays Equifax signage on the floor of the New York Stock Exchange.
A monitor displays Equifax Inc. signage on the floor of the New York Stock Exchange (NYSE) in New York, U.S., on Friday, Sept. 8, 2017. The dollar fell to the weakest in more than two years, while stocks were mixed as natural disasters damped expectations for another U.S. rate increase this year. Photographer: Michael Nagle/Bloomberg

The company said in the statement that it has hired the cybersecurity firm Mandiant to review the incident and “continues to work closely with the FBI in its investigation.”

On Sept. 13, Equifax conceded that hackers exploited a software vulnerability known as Apache Struts CVE-2017-5638. Computer-security specialists had publicly identified that weakness earlier this year, offering a patch to fix it in March. Equifax has said the breach happened sometime after mid-May and was discovered July 29.

“This is the most humbling moment in our 118-year history,” Chief Executive Officer Richard Smith wrote in an op-ed posted to USA Today’s website Sept. 12. “We apologize to everyone affected.”

Two days later, Senate Minority Leader Chuck Schumer called for Smith and the company’s board to quit. The incident is “one of the most egregious examples of corporate malfeasance since Enron,” he said, referring to the Texas energy trader that collapsed in 2001 after lying about its finances.

Bloomberg News
Data security Personally identifiable information Cyber attacks Equifax
MORE FROM AMERICAN BANKER