New problems arising for Equifax after it was revealed that their cybersecurity chief responsible for securing 143 million stolen records was a music major with no technical training.
Equifax chief security officer Susan Mauldin retired on Friday amid widespread accusations that her company could have done more to prevent the massive data breach that has exposed more than 140 million Americans to potential identity theft.
The data breach was announced in early September, but Equifax found out about it six weeks beforehand. Hackers reportedly exploited a website application to gain access to files between May and July.
According to a recent report, the credit card reporting agency knew about the software vulnerability for months. It should have been patched.
Information about Mauldin started to disappear from the Internet as soon as the breach went public – but not before it was discovered that she has a Master’s Degree in music composition.
“This was the smoking gun that to some proved Mauldin’s obvious unfitness for the job,” reports The Washington Post.
In Mauldin’s defense, she does have 14+ years of experience in the private sector since earning her degree. But she still lacks a formal education in technology.
IT professionals have been quick to argue that Mauldin’s background has nothing to do with Equifax’s failure to patch the software problem. They point out that IT workers come from all backgrounds, from construction to film.
“Just about everybody in my cohort that I worked within the last 20 years has come from pretty much another field. I knew somebody who had majored in Chinese philosophy…he was one of the best, most creative and well-rounded security consultants that I knew,” says Wendy Nather, the principal security strategist at Duo Security.
Equifax is one of the three largest credit card reporting agencies in the country, and despite these arguments, I can’t help but wonder why CEO Richard Smith would put a music major in charge of data security for such for such a massive amount of sensitive information.
I expect that Smith will have to endure at least one round of Congressional hearings, and I can’t wait to hear him explain:
• Why he waited six weeks to tell Americans about the breach
• Why a person with no degree in technology was in charge of keeping massive amounts of sensitive information safe
• Why Equifax did not patch the software problem
• Why information about Mauldin was scrubbed from the Internet
Changes to Mauldin’s LinkedIn profile include: profile was set to private, the last name was changed to “M,” and education details were deleted. Two interviews were deleted from YouTube and a podcast was taken down.
In the meantime, Equifax’s chief information officer has also decided to retire.
Editor’s note: There needs to be a class action lawsuit and Equifax needs to be sued out of existence. Their irresponsibility caused the loss of privacy for a major portion of the American people. There is no recourse, no way they could make up for any of this.