Equifax’s chief information officer and chief security officer are out

Equifax’s chief information officer and chief security officer are retiring, the company announced Friday.

The “personnel changes” are effective immediately, Equifax said in a release. The statement did not include the names of these executives.

In response to a CNNMoney inquiry, the company said Susan Mauldin is retiring as chief security officer and Dave Webb is retiring as chief information officer.

LinkedIn profile for Susan M. says she’s served in the CSO role since 2013. She previously worked at First Data Corporation, Sun Trust Banks and HP. She studied music in college and earned her MFA from the University of Georgia.

Webb joined Equifax in 2010, according to his company bio. He previously served as chief operations officer at Silicon Valley Bank and as a vice president at Goldman Sachs. Before earning his MBA, Webb earned a bachelor’s degree in Russian from the University of London.

Last week, the credit monitoring firm said that a security breach may have exposed the personal data of up to 143 million Americans. Vulnerable information includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers.

Equifax is now under investigation by the FBI and the Federal Trade Commission. The state attorney general of Massachusetts has said she intends to sue the company. Class action suits are also pouring in.

Representative Jeb Hensarling, a Republican from Texas and chairman of the House Financial Services Committee, has said preparations for a congressional hearing on the hack are underway as well.

The company said Friday that its internal investigation is “still ongoing,” and that the company “continues to work closely with the FBI in its investigation.”

The breach occurred between mid-May and July, according to Equifax. The company said it discovered the hack on July 29, but only made that fact public last week.

Equifax’s subsequent response has come under fire.

Initially, the company required those who signed up for its credit monitoring to give up some of their rights to sue. And the firm has been slow to keep those affected in Britain and Canada in the loop.

Equifax said in a statement last week that there had been “unauthorized access to limited personal information for certain U.K. and Canadian residents.”

But the company waited until Friday to provide more details to the 400,000 Brits who may have had their information compromised.

Ed Zitron, founder of media relations company EZPR, said he’s “confused” by how Equifax handled Friday’s retirement announcements.

“It’s strange that they didn’t name them [in the press release], then did name them [when asked],” he said of Equifax’s behavior. “That’s deeply weird to me.”

For him, the incident suggests that Equifax doesn’t have a plan to handle its mounting PR crisis.

“This is the first time that I felt they’re not totally together,” he said.

Zitron also noted Equifax’s use of the word “retire.”

“That’s a very different thing to being fired,” he said. “[Equifax’s] not naming them and letting them retire to me suggests that [Equifax] didn’t really want to blame anyone.”

Ronn Torossian, CEO of the public relations agency 5WPR, said that Equifax’s decision to have senior executives leave the company is a step in the right direction.

“It’s a start,” he said, but “they need to go further.”

Torossian said that Equifax “has a major credibility problem right now,” and that its failure to name names will only make it harder for the public to trust them.

“They need to be as transparent as possible,” he said.

 

Related links:

Equifax data breach: What you need to know

Equifax data breach could impact 143 million US consumers

How to check if your information is part of Equifax cybersecurity breach