When Congress hauls in Equifax CEO Richard Smith to grill him over the recent Equifax dispute, it can start by asking why he put someone with degrees in music in charge of the company’s data security.
And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin’s lack of educational qualifications since the data breach became public.
It would be fascinating to hear Smith try to explain both of those extraordinary items.
A LinkedIn profile for Susan M. says she’s served in the CSO role since 2013. She previously worked at First Data Corporation, Sun Trust Banks and HP. She studied music in college and earned her MFA from the University of Georgia.
Now her Linkedin page, which was made private with her last name replaced with “M.”, two videos of interviews with Mauldin and a podcast of an interview have been removed from YouTube.
In last week Equifax dispute, the credit monitoring firm said that a security breach may have exposed the personal data of up to 143 million Americans. Vulnerable information includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers.
Equifax is now under investigation by the FBI and the Federal Trade Commission. The state attorney general of Massachusetts has said she intends to sue the company. Class action suits are also pouring in.
Representative Jeb Hensarling, a Republican from Texas and chairman of the House Financial Services Committee, has said preparations for a congressional hearing on the hack are underway as well.
The company said Friday that its internal investigation is “still ongoing,” and that the company “continues to work closely with the FBI in its investigation.”
Ed Zitron, founder of media relations company EZPR, said he’s “confused” by how Equifax handled Friday’s retirement announcements.
“It’s strange that they didn’t name them [in the press release], then did name them [when asked],” he said of Equifax’s behavior. “That’s deeply weird to me.”
For him, the incident suggests that Equifax doesn’t have a plan to handle its mounting PR crisis.
“This is the first time that I felt they’re not totally together,” he said.
Zitron also noted Equifax’s use of the word “retire.”
“That’s a very different thing to being fired,” he said. “[Equifax’s] not naming them and letting them retire to me suggests that [Equifax] didn’t really want to blame anyone.”
Ronn Torossian, CEO of the public relations agency 5WPR, said that Equifax’s decision to have senior executives leave the company is a step in the right direction.
“It’s a start,” he said, but “they need to go further.”
Torossian said that Equifax “has a major credibility problem right now,” and that its failure to name names will only make it harder for the public to trust them.
“They need to be as transparent as possible,” he said.
Equifax which collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide, and founded in 1899 and based in Atlanta, Georgia, is the oldest of the three largest American credit agencies. However, hackers took advantage of an Equifax security vulnerability two months after an industry group discovered the coding flaw and shared a fix for it, raising questions about why Equifax didn’t update its software successfully when the danger became known. This became a source of the Equifax dispute and problems.
A week after Equifax revealed one of the largest breaches of consumers’ private financial data in history — 143 million consumers and access to the credit-card data of 209,000 — the industry group that manages the open source software in which the hack occurred blamed Equifax.
“They should have patched it as soon as possible, not to exceed a week. A typical bank would have patched this critical vulnerability within a few days,” said Pravin Kothari, CEO of CipherCloud, a cloud security company.
Proof of the Equifax dispute to protect customers, particularly when it had the tools and information to do so, is likely to further damage Equifax’s financial outlook with shares falling 2.5% after news of the FTC probe and are down 33% since it revealed the link.