The fallout from the incident has been swift, with two other top executives—the chief information officer and chief security officer—stepping down a week after the company told the public it had been compromised.
The credit card reporting agency said hackers exploited an application vulnerability between mid-May and July this year, gaining access to names, social security numbers, birth dates, addresses, and driver’s licenses. The attack’s reach—affecting one in three Americans—along with the sensitive nature of the stolen data, makes it one of the worst cybersecurity incidents in history.
The company faced harsh criticism from the public and lawmakers for the delay in making the breach public, and for its embarrassing response, which left millions of customers concerned and confused. Equifax set up a website that let people check if their data was compromised but forced them into a free credit monitoring service with concerning terms of service.
Smith will leave effective immediately, after 12 years leading Equifax. The company named board member Mark Feidler as non-executive chairman and Paulino do Rego Barros, current president of Asia Pacific, as interim CEO until it can find a new leader.
“The board remains deeply concerned about and totally focused on the cybersecurity incident,” Feidler said in a statement. “We are working intensely to support consumers and make necessary changes to minimize the risk that something like this happens again.”
Equifax is facing dozens of lawsuits from governments, consumers, shareholders, and financial institutions, and the FBI is currently leading an investigation into the cyberattack. The Department of Justice is also investigating the company after executives sold $1.8 million worth of shares in August. Equifax denies that the executives knew of the breach before selling their shares of stock.
H/T New York Times