Coverage: Equifax executives depart amid growing scandal

Equifax announced late Friday that its chief information officer and chief security officer would leave the company immediately, following the enormous breach of 143 million Americans’ personal information.

Ken Sweet of the Associated Press had the news:

The credit data company — under intense pressure since it disclosed last week that hackers accessed the Social Security numbers, birthdates and other information — also released a detailed, if still muddled, timeline of how it discovered and handled the breach.

Equifax said that Susan Mauldin, who had been the top security officer, and David Webb, the chief technology officer, are retiring. Mauldin, a college music major, had come under media scrutiny for her qualifications in security. Equifax did not say in its statement what retirement packages the executives would receive.

Mauldin is being replaced by Russ Ayers, an information technology executive inside Equifax. Webb is being replaced by Mark Rohrwasser, who most recently was in charge of Equifax’s international technology operations.

Dustin Volz and Diane Bartz of Reuters reported that Equifax has hired an outside firm to investigate:

The company also confirmed that Mandiant, the threat intelligence arm of the cyber firm FireEye, has been brought on to help investigate the breach. It said Mandiant was brought in on Aug. 2 after Equifax’s security team initially observed “suspicious network traffic” on July 29.

The company has hired public relations companies DJE Holdings and McGinn and Company to manage its response to the hack, PR Week reported. Equifax and the two PR firms declined to comment on the report.

Equifax’s share prices has fallen by more than a third since the company disclosed the hack on Sept. 7. Shares shed 3.8 percent on Friday to close at $92.98.

U.S. Senator Elizabeth Warren, who has built a reputation as a fierce consumer champion, kicked off a new round of attacks on Equifax on Friday by introducing a bill along with 11 other senators to allow consumers to freeze their credit for free. A credit freeze prevents thieves from applying for a loan using another person’s information.

Bryan Logan of Business Insider reported that Equifax has admitted that the breach could have been prevented:

The company said there was no evidence of a breach into its core consumer or commercial credit reporting databases, and has since admitted that the source of the breach was a software flaw that could have been prevented.

Three Equifax executives sold nearly $2 million in company stock just days after the breach.

The company said the executives “had no knowledge” of the incident beforehand, according to an emailed statement from the credit-monitoring agency.

Some US lawmakers have called for an investigation of the breach, with Equifax’s CEO expected to testify before Congress over the matter, and the company’s shares have plunged in the days since it was disclosed.

The breach could be one of the biggest in the United States, Reuters reported. Last December, Yahoo said more than one billion user accounts were compromised in August 2013, while in 2014 eBay had urged 145 million users to change their passwords following a cyber attack.