Equifax CEO Resigns Amid Hacker Cybersecurity Breach Fallout
Equifax Chairman and CEO Richard Smith retired today amid continued fallout from the company’s massive cybersecurity breach. The move comes nearly a month after the credit checking service disclosed a breach impacting 143 million U.S. consumers. The company’s security issues have also impacted consumers in Canada and Europe, though on a smaller scale.
“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right. At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” Smith conceded.
Equifax and Smith modified his employment agreement yesterday, according to an SEC filing. Under terms of that updated agreement, Smith exited today and will not receive a bonus for this year. Moreover, “all decisions relating to the characterization of Mr. Smith’s departure and any obligations or benefits owed to Mr. Smith under the Employment Agreement or any plan, program, policy, or practice of the Company will be deferred until the Board of Directors completes” a review of the cybersecurity incident, the updated agreement states.
Current Board member Mark Feidler will now serve as Non-Executive Chairman. Paulino do Rego Barros, Jr., who most recently served as President, Asia Pacific, and is a seven-year veteran of the company, has been appointed as interim CEO, the company said. The board is now pursuing a permanent CEO replacement and will consider candidates from inside and outside the company, the company announced.
Equifax: Unpatched Server Triggers Business Crisis
Smith is the latest in a growing list of Equifax executives to exit following the breach. The company’s CIO and chief information security officer ‘retired’ earlier this month.
The high-profile Equifax hack seemingly was easily preventable. It involved an unpatched Apache software platform. Equifax was aware of the patch and is investigating why the software fix was not applied ahead of the breach.