Equifax CEO “retires” after massive data breach debacle

Posted on Posted in Cyber Security

Equifax CEO Rick Smith "retires" after data breach debacle

September 20th, 2017

Equifax CEO "retires" after massive data breach debacle

Lesson of the day: allow data breach, "lose" $1.45MM salaried CEO job

Rick Smith to testify before the Senate Banking Committee in October 2017


LOS ANGELES, September 26, 2017 – Rick Smith, the CEO of Equifax (NYSE:EFX) abruptly "retired" this morning following a massive data breach that affected 143 million American consumers.  This comes in the wake of the "retirement" of the company's Chief Information Officer (CIO) and Chief Information Security Officer (CISO) the previous week.

Equifax's stock price has dropped almost 30 percent since the data breach was first disclosed and destroyed over $5 billion of shareholder value.

We've heard reports from our partners that Equifax declined to buy their cybersecurity software about a year ago.  Needless to say, saving money on information security and not taking the precautions necessary to safeguard customers' data has tremendously hurt Equifax's shareholders, and the CEO, CIO, and CISO did the company and its shareholders a great professional disservice.

Had Equifax consulted with expert cybersecurity firms like ISSQUARED, they would have received the best advice.  Equifax used Apache Struts to build web applications, and a flaw in that tool enabled the breach, a flaw that the United States Department of Homeland Security, US-CERT, had already disclosed in March 2017!  Equifax's security department was aware of this issue, and had started the process of patching their servers.  Patch management, as we all know, can take time; the vulnerability has to be identified, the patch has to be developed, implemented, and tested to ensure it doesn't negatively affect the application before it can be deployed to all machines running that code.  Mandiant, a competitor to ISSQUARED, was consulted by Equifax, and identified the data that had been compromised between May 13th through July 30th, 2017.  Yet, the company moved slowly to patch, and 143 million American consumers suffered.

Word of advice: call the experts now, and stop saving a few bucks while risking billions of dollars of shareholder value.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.