AP Photo/Mike Stewart

Equifax example shows what companies shouldn’t do

As the chief executive of Equifax Inc. steps down, a Dayton-area cyber-security expert says the company’s example in the past few weeks has been a case study in what companies in similar situations shouldn’t do.

“When there’s a potential loss of data or (a sign that) data has been compromised, the first thing not to do is start covering your own butt,” said Shawn Walker, co-founder and vice president of Miamisburg-based Secure Cyber Defense LLC.

Richard Smith, the chief executive of Equifax Inc., is retiring less than a month after his company first publicly acknowledged that it sat on news of a broad cyber-theft of customer financial data.

The retirement is effective today, according to a company statement. Mark Feidler, an Equifax board member, will serve as “non-executive chairman,” Equifax said. Paulino do Rego Barros, Jr., president of company’s Asia Pacific region, has been appointed as interim CEO.

RELATEDSenator calls for SEC, Justice investigation into Equifax

“The board remains deeply concerned about and totally focused on the cyber-security incident,” Feidler said in the company’s statement. “We are working intensely to support consumers and make the necessary changes to minimize the risk that something like this happens again.

“Speaking for everyone on the board, I sincerely apologize,” he added. “We have formed a special committee of the board to focus on the issues arising from the incident and to ensure that all appropriate actions are taken.”

RELATEDEquifax steps back from ‘forced arbitration’

Equifax — one of the biggest consumer credit reporting agencies — acknowledged earlier in September that it suffered a “cyber-security incident” that affected about 143 million U.S. consumers.

The unauthorized access to the company’s data happened from mid-May through July this year, but the company did not alert customers until about six weeks after it was uncovered.

Information stolen primarily included names, Social Security numbers, birth dates, addresses and even some driver’s license numbers, the company said.

Walker said Equifax is showing that companies need detailed plans in place to deal with cyber attacks before they happen.

“We’re seeing an example where companies at the highest level are starting to feel the blowback that will come of not adequately protecting data,” Walker said Tuesday.

There were also reports of Equifax executives selling company stock after the breach was discovered but before it was publicly acknowledged.

Thank you for reading the Dayton Daily News and for supporting local journalism. Subscribers: log in for access to your daily ePaper and premium newsletters.

Thank you for supporting in-depth local journalism with your subscription to the Dayton Daily News. Get more news when you want it with email newsletters just for subscribers. Sign up here.