Ex­ec­u­tive fall­out be­gins at Equifax over data breach

Jamaica Gleaner - - BUSINESS -

EQUIFAX AN­NOUNCED late Fri­day that its chief in­for­ma­tion of­fi­cer and chief se­cu­rity of­fi­cer would leave the com­pany im­me­di­ately, fol­low­ing the enor­mous breach of 143 mil­lion Amer­i­cans’ per­sonal in­for­ma­tion.

It also pre­sented a litany of se­cu­rity ef­forts it made after notic­ing sus­pi­cious net­work traf­fic in July.

The credit data com­pany said that Su­san Mauldin, who had been the top se­cu­rity of­fi­cer, and David Webb, the chief tech­nol­ogy of­fi­cer, are re­tir­ing from Equifax. Mauldin, a col­lege mu­sic ma­jor, had come un­der me­dia scru­tiny for her qual­i­fi­ca­tions in se­cu­rity. Equifax did not say in its state­ment what re­tire­ment pack­ages the ex­ec­u­tives would re­ceive.

Mauldin is be­ing re­placed by Russ Ay­ers, an in­for­ma­tion tech­nol­ogy ex­ec­u­tive in­side Equifax. Webb is be­ing re­placed by Mark Rohrwasser, who most re­cently was in charge of Equifax’s in­ter­na­tional tech­nol­ogy oper­a­tions.

Equifax has been un­der in­tense pub­lic pres­sure since it dis­closed last week that hack­ers ac­cessed or stole the mil­lions of So­cial Se­cu­rity num­bers, birth dates and other in­for­ma­tion.

On Fri­day it gave its most de­tailed time­line of the breach yet, say­ing it no­ticed sus­pi­cious net­work traf­fic on July 29 as­so­ci­ated with its US on­line dis­pute por­tal web ap­pli­ca­tion. Equifax said it be­lieves the ac­cess oc­curred from May 13 through July 30.

Equifax had said ear­lier that it iden­ti­fied a weak­ness in an open-source soft­ware pack­age called Apache Struts as the tech­no­log­i­cal crack that al­lowed hack­ers to heist the data from the mas­sive data­base main­tained pri­mar­ily for lenders. That dis­clo­sure, made late Wed­nes­day, cast the com­pany’s dam­ag­ing se­cu­rity lapse in an even harsher light. The soft­ware prob­lem was de­tected in March and a rec­om­mended soft­ware patch was re­leased shortly af­ter­wards.

Equifax said its se­cu­rity of­fi­cials were “aware of this vul­ner­a­bil­ity at that time, and took ef­forts to iden­tify and to patch any vul­ner­a­ble sys­tems in the com­pany’s IT in­fra­struc­ture.”

The com­pany said it hired Man­di­ant, a busi­ness of­ten brought in to deal with ma­jor tech­nol­ogy se­cu­rity prob­lems at big com­pa­nies, to do a foren­sic re­view.

Equifax has been cas­ti­gated for how it has han­dled the breach, which it did not dis­close pub­licly for weeks after dis­cov­er­ing it.


Con­sumers call­ing the num­ber Equifax set up ini­tially com­plained of jammed phone lines and un­in­formed rep­re­sen­ta­tives, and ini­tial re­sponses from the web­site gave inconsistent re­sponses. The com­pany says it has ad­dressed many of those prob­lems. Equifax also said Fri­day it would con­tinue to al­low peo­ple to place credit freezes on their re­ports with­out a fee through Novem­ber 21. Orig­i­nally the com­pany of­fered fee-free credit freezes for 30 days after the in­ci­dent.

Equifax is fac­ing a myr­iad of in­ves­ti­ga­tions and class-ac­tion law­suits for this breach, in­clud­ing Con­gres­sional in­ves­ti­ga­tions, queries by the Fed­eral Trade Com­mis­sion and the Con­sumer Fi­nan­cial Pro­tec­tion Bureau, as well as sev­eral state at­tor­neys gen­eral. The com­pany’s CEO Richard Smith is sched­uled to tes­tify in front of Congress in early Oc­to­ber.

Three Equifax ex­ec­u­tives – not the ones who are de­part­ing – sold shares worth a com­bined US$1.8 mil­lion just a few days after the com­pany dis­cov­ered the breach, ac­cord­ing to doc­u­ments filed with se­cu­ri­ties reg­u­la­tors.

Equifax shares have lost a third of their value since it an­nounced the breach.


This July 21, 2012 file photo shows Equifax Inc of­fices in At­lanta.

Newspapers in English

Newspapers from Jamaica

© PressReader. All rights reserved.