Just over a week after Equifax’s chief security officer and chief information officer “retired,” the bungling company’s CEO has made the same move after a huge data breach impacted over 140 million customers.
The company announced that Richard Smith has left his role as CEO and chairman of the board effective immediately following a huge security breach which is thought to have impacted as many as 142 million consumers. Those affected had Social Security numbers, birth dates, addresses and driver’s license numbers compromised, while credit card information for hundreds of thousands more customers is said to have been put at risk.
Smith had been in charge of Equifax, which has over 10,000 staff and a presence in 24 countries, for 12 years. Paulino do Rego Barros, most recently President of Asia Pacific for the company, has taken the CEO role in the interim period, but Equifax confirmed it is hiring for a full-time replacement.
“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right. At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” Smith said in a statement.
Retirement isn’t typically the next step for an executive after one of the most severe security breaches in history, but it seems to be a euphemism for ‘fired’ and a reflection that most senior executives are unlikely to be hirable in the future.
That’s because there’s a lot more to be concerned about beyond the huge data hack itself.
The initial handling was bad. In the aftermath of news of the breach, Equifax appeared to be telling people at random that they were impacted while its checking sign automatically signed consumers up for one of its services.
But then there’s mounting evidence that the company had sat on the news for months. Three senior executives sold nearly $1.8 million in shares after the company learned internally that it had exposed the private data. Unsurprisingly, the U.S. Justice Department is investigating.
It also appears that Equifax failed to act when the security vulnerability was first raised and a solution was provided. Following the disclosure of the data breach, The Apache Foundation — which manages the software that the hackers exploited — said the hack was “due to (Equifax’s) failure to install the security updates provided in a timely manner.