Equifax CEO Richard Smith retires following massive cyber attack

SPH Brightcove Video
Equifax said its Chief Executive Officer Richard Smith will retire following a massive data breach that exposed personal details of 143 million Americans.
Equifax disclosed earlier this month that personal details of up to 143 million US consumers were accessed by hackers between mid-May and July, in one of the largest data breaches in the United States. PHOTO: REUTERS

NEW YORK (AFP) - Equifax chief executive and chairman Richard Smith stepped down on Tuesday (Sept 26) in the wake of a massive hack of the consumer credit rating service.

The company tapped longtime Equifax executive Paulino do Rego Barros as interim chief executive while it undertakes a search for a new leader following the massive data breach from mid-May through July that was disclosed earlier this month.

The hack resulted in the theft of personal information from 143 million US customers.

The origins of the attack are not known, but analysts say it could have been directed by any number of cyber-criminal groups or nation-states, for financial gain or for espionage purposes.

Smith will "retire" from both roles effective immediately, the company said.

"At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward," Smith said.

Mark Feidler, a board member who was named non-executive chairman, said the board is "totally focused" on the cyber-security incident.

Equifax disclosed the breach Sept 7, saying hackers obtained names, social security numbers, birth dates, addresses and, in some instances, driver's licence numbers from the database, potentially opening up victims to identity theft.

The company said credit card numbers were compromised for some 209,000 US consumers, as were credit dispute documents for 182,000 people.

The breach is seen as one of the worst ever, because of the sensitivity of the data leaked and the potential for identity theft.

A regulatory filing on the shakeup Tuesday said Smith would waive any right to an annual bonus under his contract and would provide "reasonable assistance" to the company without compensation for 90 days.


Senator Elizabeth Warren said Smith's departure does not diminish the need for answers about the breach and its consequences.

"I've called for Equifax executives to be held accountable for their role in failing to stop this data breach and hiding it from the public for 40 days," the Massachusetts lawmaker said in a statement.

"It's not real accountability if the CEO resigns without giving back a nickel in pay and without publicly answering questions." Warren said she still expects Smith to appear before congressional hearings on the incident.

"The American public deserves answers about what went wrong at Equifax and what the company plans to do going forward," she said.

Last week, two other Equifax executives, its chief information officer and chief security officer, stepped down as the company began its review of the hack.

The US Federal Trade Commission and congressional investigators have opened probes into the incident and the FBI said it was "tracking the situation as appropriate." Equifax is also facing a slew of lawsuits from consumers, investors and businesses who rely on the service.

Some analysts said the delay in reporting the breach to the public raised troubling questions, and stock sales by senior executives during that period added to those concerns.

An Equifax spokesman said the executives who sold shares "had no knowledge that an intrusion had occurred at the time they sold their shares."

Join ST's Telegram channel and get the latest breaking news delivered to you.