Equifax CEO falls on his sword weeks after credit biz admits mega-breach

Well, what else could he do?


Equifax's chairman and chief exec today resigned, weeks after the consumer credit reporting agency admitted a massive security breach.

Richard Smith, who "retires" with immediate effect, has joined a growing list of senior people that exited Equifax in the wake of the mega leak that affected in excess of 100 million consumers.

Smith will not collect his annual bonus, according to his agreement with Equifax. He will be on hand for the next 90 days to provide assistance to the organisation but will not be compensated for doing so.

Seven-year company veteran Paulino do Rego Barros Jr, who most recently served as president for Asia Pacific, was appointed as caretaker CEO while the company searches for a permanent successor.

"The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right," Smith said in a canned statement. "At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward."

Smith is due to appear before the House Energy and Commerce Committee on October 3 to answer questions about the hack. It's not immediately clear whether or not do Rego Barros will take his place.

Smith is not the first senior Equifax exec to depart the firm since the breach, which actually took place months ago, was made public. The CIO and CSO are both "retiring", the company said roughly a fortnight ago.

On September 7, Equifax admitted a massive breach had exposed the private data of over 143 million Americans. The incident, which started in mid-May but was only detected in late July, was blamed on a missed Apache Struts update.

An estimated 400,000 Brits and 100,000 Canadians were also caught up in the mess, Equifax eventually confirmed.

Equifax's incident response when it went public about the breach was heavily criticised on various grounds: a customer response site was a hastily constructed WordPress bodge job, and victims were initially asked to agree to take any dispute to arbitration and forfeit the right to take part in any class-action lawsuit. Predictably various class-action lawsuits have begun.

Meanwhile, Equifax shares have taken a huge hit from the whole sorry affair and were trading at $104 at the time of writing, compared to $140 a month ago.

Three top Equifax executives, including its chief financial officer, sold a combined $1.8m worth of stock after the breach was detected but before it was made public. Equifax said that the executives had "no knowledge that an intrusion had occurred at the time they sold their shares". ®

Similar topics


Other stories you might like

  • Google Pixel 6, 6 Pro Android 12 smartphone launch marred by shopping cart crashes

    Chocolate Factory talks up Tensor mobile SoC, Titan M2 security ... for those who can get them

    Google held a virtual event on Tuesday to introduce its latest Android phones, the Pixel 6 and 6 Pro, which are based on a Google-designed Tensor system-on-a-chip (SoC).

    "We're getting the most out of leading edge hardware and software, and AI," said Rick Osterloh, SVP of devices and services at Google. "The brains of our new Pixel lineup is Google Tensor, a mobile system on a chip that we designed specifically around our ambient computing vision and Google's work in AI."

    This latest Tensor SoC has dual Arm Cortex-X1 CPU cores running at 2.8GHz to handle application threads that need a lot of oomph, two Cortex-A76 cores at 2.25GHz for more modest workloads, and four 1.8GHz workhorse Cortex-A55 cores for lighter, less-energy-intensive tasks.

    Continue reading
  • BlackMatter ransomware gang will target agriculture for its next harvest – Uncle Sam

    What was that about hackable tractors?

    The US CISA cybersecurity agency has warned that the Darkside ransomware gang, aka BlackMatter, has been targeting American food and agriculture businesses – and urges security pros to be on the lookout for indicators of compromise.

    Well known in Western infosec circles for causing the shutdown of the US Colonial Pipeline, Darkside's apparent rebranding as BlackMatter after promising to go away for good in the wake of the pipeline hack hasn't slowed their criminal extortion down at all.

    "Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organizations, including critical infrastructure organizations, to implement the recommendations listed in the Mitigations section of this joint advisory," said the agencies in an alert published on the CISA website.

    Continue reading
  • It's heeere: Node.js 17 is out – but not for production use, says dev team

    EcmaScript 6 modules will not stop growing use of Node, claims chair of Technical Steering Committee

    Node.js 17 is out, loaded with OpenSSL 3 and other new features, but it is not intended for use in production – and the promotion for Node.js 16 to an LTS release, expected soon, may be more important to most developers.

    The release cycle is based on six-monthly major versions, with only the even numbers becoming LTS (long term support) editions. The rule is that a new even-numbered release becomes LTS six months later. All releases get six months of support. This means that Node.js 17 is primarily for testing and experimentation, but also that Node.js 16 (released in April) is about to become LTS. New features in 16 included version 9.0 of the V8 JavaScript engine and prebuilt Apple silicon binaries.

    "We put together the LTS release process almost five years ago, it works quite well in that we're balancing [the fact] that some people want the latest, others prefer to have things be stable… when we go LTS," Red Hat's Michael Dawson, chair of the Node.js Technical Steering Committee, told The Register.

    Continue reading

Biting the hand that feeds IT © 1998–2021