Equifax CEO Smith bows out
Credit-reporting giant still in hot water
Equifax CEO and Chairman Richard Smith may be gone, but consumer and government criticism and scrutiny of the credit-reporting giant’s massive cyberbreach continues to mount.
At least one sign of potential new government action against Equifax surfaced within hours of the company’s leadership shakeup. Federal Trade Commission responses to questions from Sen. Mark Warner, D-Va., signaled that the cyberbreach could prompt sanctions against the company, which is operating under an FTC consent decree related to improper handling of consumer information.
The federal regulator said it is “considering whether any FTC order covers the practices at issue and, if so, what remedies may be available. A party that is found to have violated an FTC order may be subject to contempt sanctions and civil penalties.”
Separately, Equifax also faces: uAn investigation by the Consumer Financial Protection Bureau, which in January ordered Equifax and TransUnion, two of the three largest U.S. credit-reporting firms, to pay $23.1 million collectively in consumer restitution and fines for deceptions about the usefulness and true cost of credit sold to consumers.
uA lawsuit filed last week by the Massachusetts Attorney General’s office that alleges the company knew about electronic vulnerabilities yet failed to protect consumer data. The New York Attorney General’s office is conducting a similar investigation.
uFirst-ever regulations of the company and other credit-reporting firms by the New York Department of Financial Services. The regulations require the companies to meet cybersecurity standards and empower the agency’s superintendent to refuse to renew their registrations in some cases.
uScheduled and expected hearings on Capitol Hill. The proceedings include a Tuesday hearing by the House Subcommittee on Digital Commerce and Consumer Protection. Smith is expected to testify and answer questions about the cyberbreach.
Most congressional action so far has focused on getting Equifax’s explanations of how the cyberbreach occurred, details on electronic safeguards the company had in place and what the company plans to do besides the offer of free credit monitoring and identity-theft protection.
Rep. Greg Walden, R- Ore., who chairs the House Committee on Energy and Commerce, acknowledged the possibility of new federal regulations in a recent CNBC interview about Equifax. But he also sounded a cautionary note about over-regulating, citing a need to “get the facts first, the policy second, but always put the consumer ahead of both.”
Smith, 57, a 12-year Equifax veteran, bowed out Tuesday amid the continuing fallout from its Sept. 7 disclosure that hackers executed an electronic attack that compromised personal data for 143 million Americans — nearly half the U.S. population.
The company said it would delay decisions on his financial benefits and that Smith would forgo a 2017 bonus.
Equifax board member Mark Feidler was named the company’s new non-executive chairman. Paulino do Rego Barrow, a sevenyear Equifax veteran, was appointed interim CEO. It said it is searching for a permanent successor.
Smith is the third top executive to leave since the cyberbreach. Equifax announced similarly sudden retirements for its chief information officer and chief security officer earlier this month.
On Tuesday, Equifax said a newly formed special committee of board members is examining the company’s security precautions and other issues surrounding the cyberbreach that has sent the company’s stock price tumbling. “The board remains deeply concerned about and totally focused on the cybersecurity incident,” Feidler said in a statement issued with the leadership change. “We are working intensely to support consumers and make the necessary changes to minimize the risk that something like this happens again. Speaking for everyone on the board, I sincerely apologize.”
The electronic intrusion occurred from mid-May through July 2017 and primarily involved names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers, Equifax said.
Additionally, the hackers gained access to credit-card numbers for roughly 209,000 consumers, plus certain dispute documents with personal identifying information for approximately 182,000 consumers.
Equifax also identified unauthorized access to limited personal information for certain residents of the United Kingdom and Canada.
The company has also been criticized for delays and other problems with the free credit monitoring and ID theft protection it offered to consumers.