Equifax executives step down after major hack (Update)

September 16, 2017

The Equifax chief information officer and head of security will retire, effective immediately, as "part of the company's ongoing review of the cybersecurity incident" that resulted in personal data of 143 million customers being stolen by hackers
Equifax has replaced two senior executives entrusted with watching over its computers, after the credit reporting agency revealed it suffered a major hack that led to one of the worst-ever breaches of personal data.

The Equifax chief information officer and head of security will retire, effective immediately, the firm said Friday, as part of an "ongoing review of the cybersecurity incident" that resulted in the theft of personal data from 143 million US customers.

Hundreds of thousands of British customers and an unspecified number in Canada may have also been affected by the hack at Equifax, one of the three major credit bureaus that collect consumer financial data.

The breach is considered particularly serious because the type of data collected—names, social security numbers, addresses, credit card numbers, and other financial details—can potentially be used by criminals to steal people's identities for financial gain.

An internal investigation into the hack continues and the company is working with FBI investigators, according to Equifax.

Word that top Equifax executives were out came on the same day that Canada's privacy commissioner announced a high-priority investigation into the massive data theft.

A lawsuit by Canadian consumers whose data was stolen was also launched this week, seeking class action status and damages of Can$550 billion ($450 billion US).

Equifax also confirmed on Friday that "limited" information from as many as 400,000 British customers may have been hacked—adding that the data was restricted to name, date of birth, email address and a telephone number.

"Equifax believes identity takeover is unlikely for the UK consumers who had their data potentially accessed in this incident," the company's UK branch said in a statement, adding that it was reaching out to the customers concerned.

Questions mount

Equifax collects consumers' financial data in order to rate their credit-worthiness to banks, home sellers, auto sellers and others who depend on consumer credit in marketing.

The hack took place from mid-May through July 2017 via a website application vulnerability that US cyber security companies say they had identified in March.

US officials have not revealed if they know who was behind the breach, though foreign hackers are widely suspected.

In disclosing the breach on September 7, the Atlanta-based company did not explain why it waited more than a month to warn those affected about a risk of identity theft.

A senior US senator has asked the Federal Trade Commission, one of the few bodies with oversight powers over loosely regulated credit raters, to examine Equifax's security practices and its "widely-panned response" to consumers potentially impacted.

Senator Mark Warner, a member of the powerful Senate Banking Committee, accused the company of "exceptionally poor cybersecurity practices" that continued even after the hack became known.

He also said the company's woeful response to people whose data may have been lost—including trying to charge them for protection—was "alarming."

"The volume and sensitivity of the data potentially involved in this breach raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialize."

Shares sold

US lawmakers have expressed particular outrage over allegations that three Equifax officials sold their company stock before the hack was made public.

Filings with the US Securities and Exchange Commission showed that three high-ranking Equifax executives sold shares worth almost $1.8 million in the days after the hack was discovered.

An Equifax spokesperson told AFP the executives "had no knowledge that an intrusion had occurred at the time they sold their shares."

Senator Elizabeth Warren on Friday fired off letters to credit reporting agencies Equifax, TransUnion and Experian as well as to several governmental agencies as part of "a new, broad investigation" into the breach and how it was handled, according to a release.

"Equifax's initial efforts to provide customers information did nothing to clarify the situation and actually appeared to be efforts to hoodwink them into waiving important legal rights," Warren said in a letter to the company.

While not the largest-ever breach—Yahoo attacks leaked data on as many as one billion accounts—the Equifax incident could prove the most damaging because of the high-value of the data stolen.

The House Energy and Commerce Committee has scheduled an October 3 hearing with Equifax chief executive Richard Smith, who has openly apologized.

Explore further: Canadian class action suit launched against Equifax over data breach

Related Stories

143 mn affected in hack of US credit agency

September 8, 2017

A major American credit reporting agency entrusted to safeguard personal financial information said Thursday hackers looted its system in a colossal breach that could affect nearly half the US population as well as people ...

US watchdog confirms probe of huge Equifax data breach

September 14, 2017

A US consumer protection watchdog agency said Thursday it has begun an investigation into a massive data breach at credit bureau Equifax that may have leaked sensitive information on 143 million people.

Investors punish Equifax for massive data breach

September 8, 2017

Investors were bailing out on Equifax a day after the credit monitoring company said a data breach exposed the Social Security numbers and other personal data of 143 million Americans.

Recommended for you

In colliding galaxies, a pipsqueak shines bright

February 20, 2019

In the nearby Whirlpool galaxy and its companion galaxy, M51b, two supermassive black holes heat up and devour surrounding material. These two monsters should be the most luminous X-ray sources in sight, but a new study using ...

Physicists 'flash-freeze' crystal of 150 ions

February 20, 2019

Physicists at the National Institute of Standards and Technology (NIST) have "flash-frozen" a flat crystal of 150 beryllium ions (electrically charged atoms), opening new possibilities for simulating magnetism at the quantum ...

When does one of the central ideas in economics work?

February 20, 2019

The concept of equilibrium is one of the most central ideas in economics. It is one of the core assumptions in the vast majority of economic models, including models used by policymakers on issues ranging from monetary policy ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

carbon_unit
not rated yet Sep 18, 2017
Screw most of the consumers in the US.
Possibly destroy the company.
Retire! (Aren't golden parachutes wonderful??)

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.