Richard Smith, the chief executive of Equifax Inc., is retiring less than a month after his company publicly acknowledged that it sat on news of a broad cyber-theft of customer financial data.
The retirement was effective Tuesday, according to a company statement. Mark Feidler, an Equifax board member, will serve as “non-executive chairman,” Equifax said. Paulino do Rego Barros Jr., president of company’s Asia Pacific region, has been appointed interim CEO.
“The board remains deeply concerned about and totally focused on the cyber-security incident,” Feidler said in the company’s statement.“We are working intensely to support consumers and make the necessary changes to minimize the risk that something like this happens again.
“Speaking for everyone on the board, I sincerely apologize,” he added. “We have formed a special committee of the board to focus on the issues arising from the incident and to ensure that all appropriate actions are taken.”
Equifax — one of the biggest consumer credit reporting agencies — acknowledged Sept. 7 that it suffered a “cyber-security incident” that affected potentially 143 million U.S. consumers, nearly half of the country’s population.
The unauthorized access to the company’s data happened from mid-May through July this year, but the company did not alert customers until about six weeks after it was uncovered.
Information stolen included names, Social Security numbers, birth dates, addresses and even some driver’s license numbers, the company said.
Walker said Equifax is demonstrating that companies need detailed plans in place to deal with cyber attacks before they happen.
“We’re seeing an example where companies at the highest level are starting to feel the blowback that will come of not adequately protecting data,” Walker said Tuesday.
Andrew Rossow, a Dayton attorney who focuses on data privacy and Internet issues, said the company’s response to the crisis in the past weeks has not been ideal.
But he questioned whether removing an experienced chief executive is the best move for Equifax at the moment.
“I think it’s become just very easy to just remove the individuals who may have had the resources, the knowledge” to deal with problems.
And Rossow agreed that companies like Equifax need to be ready for breaches before they occur.
“I think at a bare minimum every business — whatever industry you’re in — should have some sort of data policy or … protocol that goes into effect when something like this happens,” Rossow said.
Equifax’ statement Tuesday said nothing about separation pay or benefits for Smith.
On Sept. 15, Equifax announced the retirement of the company’s chief information and chief security officers.
Smith is expected to testify next week before the U.S. House Energy Committee. He had also been scheduled to appear before the Senate Banking Committee.
About the Author
