Equifax said its chief executive officer Richard Smith will retire following a massive data breach at the credit reporting firm that exposed personal details of up to 143 million US consumers.
News of Smith's exit comes less than 10 days after the company's chief information officer and chief security officer also retired from the credit agency,
It also comes a week before Smith was expected to testify before a Senate Banking Committee about the cyber attack where hackers accessed its systems between mid-May and July, in one of the largest data breaches in the United States.
“At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” Smith said in a statement.
Some observers said the move was a positive first step, though several US senators looking into the cyber attack said the departure failed to remedy damage to the up to 143 million Americans whose data was compromised.
“A failure of this magnitude must have consequences,” said Paul Rosenzweig, a former Department of Homeland Security official who advises companies on cyber security.
“If the Equifax CEO had retained his job, cyber security would be seen as a joke everywhere in corporate America.”
Equifax said in a regulatory filing that it might claw back some of Smith’s compensation for this year, depending on results of the board’s investigation into the breach, which the company has said occurred between mid-May and July.
Smith is still eligible for US$18.4 million in retirement benefits, regardless of the results of the internal probe.
His resignation puts him among a small number of CEOs to lose their jobs due to a cyber breach, including the head of Target following a 2013 credit card hack.
In both cases the companies were unable to shake scrutiny that focused as much on their public response as the breach itself.
Equifax’s shares have fallen more than 30 percent since the disclosure of the breach amid mounting criticism from lawmakers, regulators and consumers about the hack and the company’s response to it.
At least 24 federal lawsuits have been filed in connection with the breach. Most will likely be combined into a single piece of nationwide litigation.
Equifax says the hackers exploited a vulnerability in the Apache Struts 2 web application framework to steal sensitive information from the company.