This probably shouldn’t come as a big surprise to anyone, but two executives from Equifax are “retiring”. Yes, that’s right. Chief Information Officer, David Webb and Chief Security Officer Susan Maudlin have decided to retire. This comes at a really interesting time, considering the enormous security breach that we found out about a couple weeks ago. I like to keep reminding you that the breach is estimated to have affected 43 million Americans. We have all seen this, though. There’s someone in your office who suddenly announces their “retirement”. Maybe it’s when there’s a change of management. Or, like in this case, when something gets so royally effed up that there’s no turning back. And that’s what is happening now. Or at least those are my thoughts on this announcement.
In a post on Equifax’s investor website, the company has said that the “personnel changes are effective immediately”. And honestly, no one decides to retire immediately. We know that the hackers were able to access an internal database of consumer information by exploiting a critical flaw in open source web server software Apache Struts. Though Apache Struts developers first identified and fixed the bug in March, Equifax never patched its system. Months later in May, hackers gained access to Equifax records and continued to exploit the flaw until the company’s security team noticed the breach in late July.
I keep going back to this, for which I apologize. But three senior Equifax executives were allowed to sell off over a million dollars of stock in early August. Merely days after they became aware of the problem. Equifax has gone on record saying that the managers in question, weren’t aware of the breach at the time. But it certainly seems extremely convenient, don’t you think? Especially since Equifax shares are taking a dive. Honestly, I’m not surprised.
The Federal Trade Commission (FTC) has confirmed that it is investigating Equifax. The Senate Finance Committee has separately requested that the company provide a detailed timeline of events related to the hack. Of particular interest to the Senate are the strangely timed trades (thank you), as well as whether Equifax’s The Work Number payroll database, containing millions of public and private employees’ information was also compromised. This second part confuses me just a bit. So the Senate Finance Committee is more concerned about the privacy of “millions” of private employee data, than the 143 million people that were also exposed? Maybe I’m missing something here. Or I don’t understand this, but this seems a bit silly to me.
My assumption is that all of the data that the employees could have had stolen, would be just as sensitive as those that were stolen from others. Maybe the issue is that this is a way to get Equifax to be accountable. Perhaps the Senate Committee is able to do an end run around Equifax, by exposing an internal employment concern. But I do feel like this is just as bad as what happened to everyone else. Like I said, it’s likely all the same information. So why is the Senate Finance Committee so concerned about employees in this instance? I am curious to know what’s going to happen to Equifax, honestly. They don’t seem to have a lot going for themselves right now, and with many pressures breathing down their necks it’s only a matter of time before something big happens.