Equifax chief resigns after data theft; interim successor named
Equifax Inc. Chief Executive Officer Richard Smith resigned, joining other senior managers who left the credit-reporting company amid an uproar over the theft of private data on 143 million Americans.
Smith will be replaced on an interim basis by Paulino do Rego Barros Jr., a seven-year company veteran who was most recently president of Asia Pacific, the Atlanta-based firm said Tuesday in a statement. Board member Mark Feidler, a former BellSouth Corp. president, was named nonexecutive chairman. The board will conduct a search for a permanent CEO and consider internal and external candidates.
“The board remains deeply concerned about and totally focused on the cybersecurity incident,” Feidler said in the statement. “We are working intensely to support consumers and make the necessary changes to minimize the risk that something like this happens again.”
Equifax has drawn outrage from lawmakers and scrutiny from regulators since Sept. 7, when it disclosed one of the biggest cyberattacks. Hackers stole sensitive data — including Social Security numbers, birth dates and other identifying information — for much of the adult U.S. population.
Smith, who will remain as an unpaid adviser to the company, isn’t the first executive to go down in the wake of the disclosure. The firm’s chief information and chief security officers retired as of Sept. 15, the company said in a statement that didn’t identify the executives. David C. Webb, who joined the firm in January 2010, was previously chief information officer, according to an annual regulatory filing in February. Susan Mauldin had been chief security officer, according to her professional profile on LinkedIn and an Equifax press release from 2015.
Mark Rohrwasser was named interim CIO and Russ Ayres was appointed interim CSO, reporting to Rohrwasser, according to the Sept. 15 statement.
Smith joined Equifax as CEO in 2005 after spending more than two decades climbing ranks at General Electric Co., where he worked in divisions focusing on plastics, modular homes, car fleets and insurance. Over almost 12 years at Equifax, the company’s stock more than quadrupled before the breach was announced. The shares have tumbled 26 percent since the breach was announced on Sept. 7.
On Sept. 13, Equifax conceded that hackers exploited a software vulnerability known as Apache Struts CVE-2017-5638. Computer-security specialists had publicly identified that weakness earlier this year, offering a patch to fix it in March. Equifax has said the breach happened sometime after mid-May and was discovered July 29.
“This is the most humbling moment in our 118-year history,” Smith wrote in an op-ed posted to USA Today’s website Sept. 12. “We apologize to everyone affected.”
Two days later, Senate Minority Leader Chuck Schumer called for Smith and the company’s board to quit. The incident is “one of the most egregious examples of corporate malfeasance since Enron,” he said, referring to the Texas energy trader that collapsed in 2001 after lying about its finances.
Lawmakers have threatened to boost oversight of the industry, which is supposed to safeguard data that could be used for identity theft and fraud. The Federal Trade Commission announced a probe, citing the “intense public interest and the potential impact.”