Equifax CEO Richard Smith is stepping down amid public outrage in response to the massive data breach announced earlier this month.
This is a good decision in terms of reputation for Equifax, but Smith should be up on charges and the company should be subject to a class action suit.
“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right,” said Smith. “At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward.”
Equifax veteran Paulino do Rego Barros Jr. will lead the company until a replacement CEO is hired.
Smith will testify before Congress next week, where he will be forced to answer uncomfortable questions like:
• Why Equifax waited 6 weeks to announce the hack
• Why he put a music major in a key technology position
• Why Equifax did not immediately patch the software vulnerability that allowed hackers access to nonpublic information
• Why information about the company’s chief security officer has been deleted from the Internet
Some lawmakers are demanding Smith do more than testify. “It’s not real accountability if the CEO resigns without giving back a nickel in pay,” argues Senator Elizabeth Warren (D-MA), insisting that Barros and board member Mark Feidler also testify before Congress.
Equifax has attracted criticism from lawmakers, regulators, and the general public since September 7th, when it announced that a cyberattack had exposed the personal information of more than 140 million Americans. Stolen data includes names, birth dates, addresses, driver’s license numbers, and social security numbers.
“On a scale of 1 to 10, this is a 10 in terms of potential identity theft,” said Gartner security analyst Avivah Litan.
New York Senator Chuck Schumer called the hack “one of the most egregious examples of corporate malfeasance since Enron,” and was one of the first to demand Smith’s retirement.
As I wrote in a previous article, Equifax chief security officer Susan Mauldin (a music major with no technical training) has also decided to retire.
Smith, who has been CEO since 2005, will continue on at Equifax as an “unpaid adviser” after he retires. In the meantime, he stands to earn as much as $18.4 million in retirement payouts. A decision about how much of this he is now eligible to receive will be put on hold until the company board has finished its review of the incident.
Equifax stock has dropped 27% since the cyberattack, but seems to have halted for the time being.
Editor’s note: This guy was asleep at the wheel. Equifax is a data company its one and only asset is its data. On his watch, the Equifax data was stolen and half the country is at risk. Richard Smith is an incompetent fool.