CNN reports this as a “sudden retirement,” but the Associated Press dispenses with the euphemisms. After one of the most dangerous hacks in consumer history, Equifax CEO Richard Smith has hit the bricks, and clearly not by choice. Smith is the third executive to head out the door after the company finally disclosed the scandal:
Credit reporting agency Equifax is ousting CEO Richard Smith in an effort to clean up the mess left by a damaging data breach that exposed highly sensitive information about 143 million Americans. …
Although many analysts had applauded Equifax’s performance under Smith, he and the rest of his management team had come under fire for lax security and its response to the breach.
Smith’s departure follows the abrupt retirement of Equifax’s chief security officer and chief information officer.
Smith lasted twelve years at the top. Equifax told investors that they will launch a talent search for his permanent successor starting immediately:
Equifax (EFX) said it has launched a search for a new CEO to guide it through what is likely to be a turbulent period. In the meantime, the company has tapped Paulino do Rego Barros Jr., an executive from its Asia Pacific division, to serve as interim CEO.
Equifax’s board also formed a special committee to focus on the breach and ensure “all appropriate actions are taken.”
Had Smith done that immediately after the hack, he might still be CEO. If some of his underlings hadn’t sold off stock at a suspiciously advantageous moment while the company was still keeping the hack secret, Smith might not have come under fire at all. As one analyst told NBC News this morning, Smith’s role as CEO didn’t have much to do directly with cybersecurity:
Consumer advocates and security experts said that while Smith’s retirement was a step in the right direction it didn’t solve key underlying problems.
“Equifax is trying to change the optics by a rapid move to sacrifice king as well as a few knights,” Ed Mierzwinski, Senior Fellow for U.S. PIRG, a Washington-based advocacy group, told NBC News in an email. Only action by Congress and the CFPB would suffice to keep up pressure on the credit reporting marketplace, he said.
“The CEO has very little to do with cybersecurity; ultimately he just approves a budget,” a cybersecurity expert told NBC News. “Fresh faces will roll in, but they will find themselves constrained by the budgetary restraints.”
That may have been part of the problem. Want to bet that the next CEO takes a lot more interest in cybersecurity? Take the over if you do. Whoever takes the job will find that to really be a singular focus, and not by choice:
The Federal Trade Commission, Securities and Exchange Commission and Consumer Federal Protection Bureau, along with state attorneys general is at least 40 states, are investigating the Equifax cyberattack. The breach has also spurred talk of tighter regulations on credit bureaus, which include Experian and Transunion (TRU).
The buck stops at the top. Regardless of whether Smith dealt directly with the issue, the hack and the lack of honesty afterward was his responsibility. Add to that the bumbling response and the attempt to hoodwink consumers into waiving their legal options, and Smith served up an utter disaster. At least in the private sector, accountability for such failures still exists. For now.