Two Equifax executives — Chief Information Officer David Webb and Chief Security Officer Susan Mauldin — are “retiring” in the wake of a security breach that allowed hackers to run off with financial and other private information for an estimated 143 million Americans.
In a post on Equifax’s investor website, the company said the “personnel changes are effective immediately.”
Earlier this week, the credit reporting firm explained that hackers were able to access an internal database of consumer information by exploiting a critical flaw in open-source web server software Apache Struts.
Though Apache Struts developers first identified and fixed the bug in March, Equifax never patched its system. Months later in May, hackers gained access to Equifax records and continued to exploit the flaw until the company’s security team noticed the breach in late July.
Three senior Equifax executives sold off over a million dollars of stock in early August, days after the company said it became aware of the problem. Equifax says the managers in question — chief financial officer John Gamble, president of US information solutions Joseph Loughran and president of workforce solutions Rodolfo Ploder — were not aware of the breach at the time.
The Federal Trade Commission has confirmed it is investigating Equifax in the wake of the incident, while the Senate Finance Committee has separately requested the company provide a detailed timeline of events related to the hack.
Of particular interest to the Senate are the strangely timed trades, as well as whether Equifax’s The Work Number payroll database containing millions of public and private employees’ information was compromised.