Equifax chief executive and chairman Richard Smith stepped down today in the wake of a massive hack of the consumer credit rating service. The company tapped longtime Equifax executive Paulino do Rego Barros as interim chief executive while it undertakes a search for a new leader following the massive data breach from mid-May through July that was disclosed earlier this month. The hack resulted in the theft of personal information from 143 million US customers. The origins of the attack are not known, but analysts say it could have been directed by any number of cyber-criminal groups or nation-states, for financial gain or for espionage purposes.
Smith will “retire” from both roles effective immediately, the company said. “At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” Smith said in a statement. Mark Feidler, a board member who was named non-executive chairman, said the board is “totally focused” on the cyber- security incident. Equifax disclosed the breach September 7, saying hackers obtained names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers from the database, potentially opening up victims to identity theft.
The company said credit card numbers were compromised for some 209,000 US consumers, as were credit dispute documents for 182,000 people.
The breach is seen as one of the worst ever, because of the sensitivity of the data leaked and the potential for identity theft. A regulatory filing on the shakeup today said Smith would waive any right to an annual bonus under his contract and would provide “reasonable assistance” to the company without compensation for 90 days. Last week, two other Equifax executives, its chief information officer and chief security officer, stepped down as the company began its review of the hack.
The US Federal Trade Commission and congressional investigators have opened probes into the incident and the FBI said it was “tracking the situation as appropriate.” Equifax is also facing a slew of lawsuits from consumers, investors and businesses who rely on the service. Some analysts said the delay in reporting the breach to the public raised troubling questions, and stock sales by senior executives during that period added to those concerns. An Equifax spokesperson said the executives who sold shares “had no knowledge that an intrusion had occurred at the time they sold their shares.”