Key Equifax Execs Depart Amid Questions in Data Breach

Marco Green
September 21, 2017

The way Equifax executives and its IT security team appears to have failed to adequately apply patches, the amount of time it took to discover the depth of the breach and the delay in ultimately reporting it certainly paints a picture of a colossal failure at all levels, including the curiosly timed stock sales by top executives (who deny knowledge of the breach at the time of the sale) just days before the disclosure, reported by Bloomberg. Russ Ayres, previously VP of IT organization at Equifax, replaces Mauldin as interim Chief Security Officer.

Equifax said Tuesday that approximately 100,000 Canadian consumers may have had their personal information compromised in the massive cyberattack on the credit data company that was revealed this month. Effective immediately, Mark Rohrwasser, the company's head of International IT operations, will take over for David Webb and serve as interim CIO.

On Friday - the same day two key executives retired immediately - it gave its most detailed timeline of the breach yet, saying it noticed suspicious network traffic associated with its US online dispute portal web application on July 29.

Equifax also provided its most detailed timeline of the breach yet, although it raised as many questions as it answered.

Equifax has also announced that it is making several personnel changes following its initial assessment of the data breach. "The company will release additional information when available", it said. It subsequently brought the portal back online. The closest Equifax gets to explaining that? But as its investigation continued, it determined it was almost three times that amount, according to the report, which also noted the company registered the domain for customers to seek information.

"Due to the nature of the information, Equifax believes identity takeover is unlikely for the United Kingdom consumers who had their data potentially accessed in this incident". Equifax acknowledges that bug was disclosed in early March 2017.

After patching the dispute-portal's software, Equifax hired Mandiant, a computer-security firm, to do a forensic review.

Consumers calling the number Equifax set up initially complained of jammed phone lines and uninformed representatives, and initial responses from the website gave inconsistent responses. Equifax also said Friday it would continue to allow people to place credit freezes on their reports without a fee through November 21. Originally the company offered fee-free credit freezes for 30 days after the incident. The company's CEO Richard Smith is scheduled to testify in front of Congress in early October.

Equifax shares have lost a third of their value since it announced the breach.

Other reports by Click Lancashire

Discuss This Article