- Equifax's chief information officer and chief security officer are retiring, the company announced Friday. Effective immediately, Mark Rohrwasser, the company's head of International IT operations, will take over for David Webb and serve as interim CIO. Russ Ayres, a vice president in IT at Equifax, will take over for Susan Mauldin and serve as interim CSO, reporting directly to Rohrwasser.
- Along with the personnel changes, Equifax provided more information on the data breach. The company said its security team discovered suspicious traffic on its U.S. dispute portal web application on July 29, and the following day it took the affected application offline, according to the announcement. On August 2, the company tapped Mandiant, an independent cybersecurity firm, to provide a comprehensive assessment of the impact of the breach.
- Equifax found consumers in the U.K. and Canada also had information compromised in the breach. The firm did not say how many Canadian consumers were impacted, but it announced last week 400,000 U.K. consumers were affected, CNN reports.
The change of Equifax C-suite leadership reflects the toll cybersecurity incidents can take on an organization. With Webb and Mauldin retiring, it is up to their successors to centralize technology leadership and ensure negative IT impact from the breach is contained.
While investigation into the scope of the breach is still ongoing, Equifax is doing what it can to contain the fallout. The company said it is taking short-term remediation steps to improve security but also wants to make long-term improvements. Overarching IT enhancements would also boost the company's security posture.
Equifax has a long way to go before the security spotlight disappears. With last week's revelations that the breach stemmed from an unpatched bug — a patch for which was available two months prior to the May security incident — criticism of Equifax's security team and response increased. Numerous lawsuits are in the pipeline, and Congress has promised to further investigate both the breach response and executives' sales of $1.8 million worth of shares just prior to the company announcing the breach.
Equifax now stands in data breach infamy, in company with the Office of Personnel Management, Target, Sony and Yahoo, all of which have some of the worst breaches on record. Because of the sensitive nature of the compromised information, the credit firm will have to make extensive and transparent improvements to its technology infrastructure to ensure it can maintain a customer base and soothe investor worries.