The chief executive of Equifax is retiring, the company said Tuesday, just weeks after the troubled credit reporting agency disclosed that it had suffered a massive data breach affecting as many as 143 million people.
Hamza Shaban of The Washington Post had the news:
The departure of Richard Smith comes as Equifax has drawn fire from countless consumers and dozens of federal lawmakers over its handling of the breach. Equifax announced earlier this month that hackers gained unauthorized access to sensitive personal data — Social Security numbers, birth dates and home addresses — for nearly half of the country. The company also faces multiple federal investigations over its handling of the hack and reports that executives sold an unusual amount of stock before the breach was publicly disclosed.
Equifax’s board of directors appointed board member Mark Feidler to serve as the company’s nonexecutive chairman, the company said in a statement Tuesday. Paulino do Rego Barros Jr., who led the company’s Asia Pacific division, will become the interim chief executive.
“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right,” Smith said in the statement. “At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward.”
Smith, 57, had been the chairman and chief executive since 2005, after spending 22 years at General Electric. During Smith’s time at Equifax, the company’s stock price had soared 200 percent, and its market value swelled from $3 billion to $20 billion. Smith also expanded the company’s business into 24 countries.
Liz Moyer of CNBC.com reports that Smith will walk away with $18.4 million in pension benefits:
The credit reporting company said he was retiring effective immediately and he wouldn’t get a bonus for this year, though he is eligible to walk away with at least $18.4 million in pension benefits.
Some said Tuesday his departure should have happened more quickly. Wells Fargo dispatched its former CEO last year, one month after regulators said thousands of its employees opened millions of fake deposit and credit card accounts to meet aggressive sales goals.
Target‘s former CEO held on for four months before leaving in May 2014 in the wake of a major data breach at the retailer in late 2013. But Anthem’s CEO did not leave that company after a 2015 data breach that exposed personal information for 79 million people. The second-largest U.S. insurer recently settled with victims of the hack for $115 million, the biggest data breach settlement yet.
What struck people as different about Equifax’s situation was the company’s bungled response to its crisis. For starters, Equifax waited 40 days from the time it discovered the breach in late July to its public disclosure on Sept. 7.
Ron Lieber and Stacy Cowley of The New York Times reported that the company’s candidates for the next CEO have been depleted:
There was a problem, though. The roster of possible replacements had been depleted by the fallout from the cyberattack, which had compromised the personal information of much of the adult population of the United States.
Some top contenders were considered tainted, according to two people briefed on the board’s deliberations. Three of the company’s senior executives, including the head of its largest division and the chief financial officer, are under scrutiny for selling stock after the breach was discovered but before it had been disclosed to the public.
Equifax spent five more days limping through the crisis before announcing on Tuesday that the chief executive, Richard F. Smith, would retire.