Smith Collection/Gado/Getty Images
Equifax CEO Richard Smith announced he is stepping down on Tuesday, the latest repercussion for the company following a massive cyberattack.
The departure comes three weeks after the company initially announced the breach. As a credit monitoring service, Equifax holds data on nearly every single American who has a credit card or has applied for a loan.
Smith oversaw Equifax as it was hit by a massive data breach that could touch nearly half the US population — up to 143 million Americans could be affected. The company said it had failed to patch a security flaw that dated back to March, which allowed hackers to break into its servers and steal millions of Social Security numbers, names and addresses.
“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right,” Smith said in a statement released to investors on Tuesday. “I believe it is in the best interests of the company to have new leadership to move the company forward.”
The Equifax incident is among the largest hacks in US history and the biggest known leak of this year. In 2013, Yahoo is said to have lost data on roughly 1 billion accounts.
While Equifax sets its own house in order, the world at large has to reckon with a recurring wave of cybersecurity lapses and the seeming inability of businesses and government agencies to erect adequate defenses. Among the latest incidents: On Monday, consulting firm Deloitte said it had been hit with a cyberattack that may have revealed the emails of its high-powered clients, and the US Securities and Exchange Commission disclosed that a 2016 may have helped hackers pad their stock portfolios.
That new leadership at Equifax is interim CEO Paulino do Rego Barros Jr., who oversaw Equifax’s Asia Pacific department, and has been with the company for seven years. Equifax is still searching for a new CEO.
He’ll have to deal with the list of security issues that Equifax faces, as well as investigations from the Federal Trade Commission and Congress.
Equifax will testify to Congress on Oct. 3, but it’s unclear whether Smith or the new interim CEO will appear. Equifax did not respond to a request for clarification.
Smith isn’t the only executive to leave in the cyberattack’s wake. Equifax’s chief information officer and chief security officer left on Sept. 15.
Equifax has been facing public scorn and scrutiny since Smith announced the breach on Sept. 7. The company learned of the hack on July 29, but waited more than a month to warn its affected victims.
Its chief financial officer, John W. Gamble Jr., sold $1.8 million in Equifax shares just a few days after the company learned about the breach, but weeks before it was announced to the public.
Equifax’s handling of the crisis has raised questions. Legal concerns popped up with its hack checker, not to mention the easily spoofed URL that Equifax accidentally tweeted out.
The credit monitoring agency also will have to deal with multiple investigations and lawsuits, like the Massachusetts attorney general suing the company, as well as a class-action lawsuit coming out of both Georgia and Oregon.
Along with Smith’s departure, Equifax said it is creating a special committee to deal with its breach to and manage cybersecurity incidents in the future.
Originally published Sept. 26 at 6:28 a.m. PT.
Updated at 6:55 a.m. PT: Added background information and details.
The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.
Tech Enabled: CNET chronicles tech’s role in providing new kinds of accessibility.