Senior executives to leave Equifax following security breach

Equifax announced Friday two senior executives were retiring -- its chief information officer and chief security officer -- a week after it revealed a late July data breach that may have compromised the personal information of about 143 million U.S. consumers. Photo by Rhona Wise/EPA-EF

Sept. 17 (UPI) — Two senior executives at Equifax are exiting the company following the announcement earlier this month that the personal information of 143 million U.S. consumers may have been compromised by a data breach on the company’s servers.

The company announced Friday that its chief information officer and chief security officer would be retiring, with Mark Rohrwasser appointed interim CIO and Russ Ayres appointed interim CSO. Equifax also released additional details about the data breach.

Ayres, who was previously vice president of the IT organization at Equifax, will report to Rohrwasser, who previously was responsible for the company’s international IT operations.

The retiring of now-former CSO Susan Mauldin and CIO Dave Webb comes a week after Equifax announced a breach of data for about 143 million U.S. consumers, including their names, Social Security numbers, birth dates, addresses and, for some, driver’s license numbers.

In the days after the breach was announced, Equifax waived fees for 30 days to allow customers to implement freezes on their accounts.

The Senate Finance Committee on Tuesday requested a detailed account of the scope of the breach, what was exposed and whether the company is capable of detecting and stopping such breaches.

Equifax released additional information about the breach, saying it was detected on July 29 when suspicious network traffic was detected, and then blocked, on the company’s dispute web portal. The next day, suspicious activity was detected again and the company took the affected web application offline.

Equifax said a review of the incident led to discovery of a vulnerability in the Apache Struts web application framework, which was patched before being put back online.

On August 2, Equifax also contracted the cybersecurity firm Mandiant. Over the course of a month, Mandiant identified the unauthorized activity on Equifax’s network, revealing how many of its clients’ data had been compromised.

The company said that, in addition to the changes of CSO and CIO, it continues to explore ways to improve its security.

“Equifax has taken short-term remediation steps, and Equifax continues to implement and accelerate long-term security improvements,” the company said.


Please enter your comment!
Please enter your name here