Equifax, the credit-reporting agency under fire after a massive hack exposed the personal data of millions of Americans, said two of its top executives are stepping down. But the CEO, Richard Smith, is remaining in charge of the company, despite calls from politicians and pundits for him to resign.
The chief security officer, Susan Mauldin, and chief information officer, David Webb, are retiring immediately as the company reviews the cyberattack, Equifax said in a statement on Sept. 15. (It also revealed that as many as 400,000 UK consumers could be affected by the hack, in addition to 143 million Americans.)
Maudlin’s resume is raising some questions. Brett Arends, a columnist at MarketWatch, points out that Mauldin appears to have no educational qualifications in data security. Instead, she obtained two degrees in music composition before 14 years of security experience in the private sector.
The company’s network was breached between mid-May and July 29, when it first detected something was wrong. It is already one of the biggest and most egregious cyberattacks in history, since Social Security, drivers license, and credit card numbers were stolen. It’s unclear who is responsible for the hack, nor why the company failed to stop it, since it was aware of the vulnerability in its system.
Equifax’s handling of the incident has drawn widespread criticism. It did not disclose the hack until weeks after it was discovered, and it turned out that some of its executives have sold nearly $2 million in company stock before the announcement, raising concerns about insider trading. (The company says the executives weren’t aware of the breach.)
US lawmakers have introduced several bills to deal with the fallout of the breach, and the Federal Trade Commission and the FBI have both launched investigations into the hack. Smith, who has apologized to customers in an op-ed for USA Today, will be testifying in front of Congress.