Equifax’s massive data breach has claimed another victim—Richard Smith, the company’s CEO and Chairman of the Board. Equifax announced that Smith has retired from effective Sept. 26.
“The cyber-security incident has affected millions of consumers, and I have been completely dedicated to making this right,” Smith stated. “At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward.”
Equifax announced on Sept. 7 that it was the victim of a data breach the exposed personally identifiable information on 143 million Americans. The company initially reported that it first became aware of the breach on July 29, though subsequent reports have alleged that the company was breached as early as March.
Smith had been the CEO of Equifax since 2005 and was earning a base salary of $1.45 million a year. He stands to get up to $18.4 million in retirement benefits as well as lifetime health coverage. Smith is being replaced by two different Equifax executives, with current Board member Mark Feidler taking over as Non-Executive Chairman, while Paulino do Rego Barros, Jr. has been named as interim Chief Executive Officer as a search for a permanent CEO begins.
“The Board remains deeply concerned about and totally focused on the cyber-security incident,” Feidler stated. “We are working intensely to support consumers and make the necessary changes to minimize the risk that something like this happens again.”
Smith is the third Equifax executive to retire in the wake of the data breach disclosure. On Sept. 15 the company announced that Chief Information Officer David Webb and Chief Security Officer Susan Mauldin were retiring.
Though the attackers behind the breach have not yet been publicly identified for apprehension by law enforcement, the root cause of the breach has been disclosed. The attackers were able to make use of the CVE-2017-5638 vulnerability in the open-source Apache Struts framework that was patched by the Apache Struts project in March 2017.
The U.S. Federal Trade Commission (FTC) as well as the House Oversight Committee are currently investigating Equifax and its data security practices. The Securities and Exchange Commission (SEC) is also investigating the breach to determine if Equifax insiders violated insider trading laws by selling stock after they found out about the breach, but before it was announced to the general public.
Equifax is not the first company to have its senior executive team depart after a major data breach. In 2014, Target’s CEO Gregg Steinhafel left his company five months after a data breach at the retail chain put the personal information of more than 70 million American consumers at risk.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.