Key Equifax executives departing after huge data breach - Spokane, North Idaho News & Weather KHQ.com

Key Equifax executives departing after huge data breach

Posted: Updated:
NEW YORK, NY -

Equifax announced late Friday that its chief information officer and chief security officer would leave the company immediately, following the enormous breach of 143 million Americans' personal information.

The credit data company - under intense pressure since it disclosed last week that hackers accessed the Social Security numbers, birthdates and other information - also released a detailed, if still muddled, timeline of how it discovered and handled the breach.

Equifax said that Susan Mauldin, who had been the top security officer, and David Webb, the chief technology officer, are retiring. Mauldin, a college music major, had come under media scrutiny for her qualifications in security. Equifax did not say in its statement what retirement packages the executives would receive.

Mauldin is being replaced by Russ Ayers, an information technology executive inside Equifax. Webb is being replaced by Mark Rohrwasser, who most recently was in charge of Equifax's international technology operations.

Equifax also provided its most detailed timeline of the breach yet, although it raised as many questions as it answered.

The tale began on July 29, when the company's security team detected suspicious network traffic associated with the software that ran its U.S. online-dispute portal. After blocking that traffic, the company saw additional "suspicious activity" and took the portal's software offline.

At this point, Equifax's retelling grows cloudy. The company said an internal review then "discovered" a flaw in an open-source software package called Apache Struts used in the dispute portal, which it then fixed with a software patch. It subsequently brought the portal back online.

But that vulnerability had been known publicly since early March 2017, and a fix was available shortly thereafter - facts that Equifax acknowledged in its Friday statement. The company did not say why the software used in the online-dispute portal hadn't been patched earlier, although it claimed that its security organization was "aware" of the software flaw in March, and that it "took efforts" to locate and fix "any vulnerable systems in the company's IT infrastructure."

It apparently missed at least one vulnerable system. The closest Equifax gets to explaining that? "While Equifax fully understands the intense focus on patching efforts, the company's review of the facts is still ongoing," according to its statement.

After patching the dispute-portal's software, Equifax hired Mandiant, a computer-security firm, to do a forensic review. That effort determined that hackers had access to Equifax systems from May 13 through July 30.

Equifax has been castigated for how it has handled the breach, which it did not disclose publicly for weeks after discovering it.

Consumers calling the number Equifax set up initially complained of jammed phone lines and uninformed representatives, and initial responses from the website gave inconsistent responses. The company says it has addressed many of those problems. Equifax also said Friday it would continue to allow people to place credit freezes on their reports without a fee through Nov. 21. Originally the company offered fee-free credit freezes for 30 days after the incident.

Equifax is also facing several inquiries and class-action lawsuits, including Congressional investigations, queries by the Federal Trade Commission and the Consumer Financial Protection Bureau, as well as several state attorneys general. The company's CEO Richard Smith is scheduled to testify in front of Congress in early October.

Three Equifax executives - not the ones who are departing - sold shares worth a combined $1.8 million just a few days after the company discovered the breach, according to documents filed with securities regulators.

Equifax shares have lost a third of their value since it announced the breach.

___

AP Technology Editor David Hamilton in San Francisco contributed to this report.

(Copyright 2017 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)

  • Most Popular StoriesMost Popular StoriesMore>>

  • 22-year-old Sandpoint man dies in Clayton 395 crash

    22-year-old Sandpoint man dies in Clayton 395 crash

    Saturday, July 21 2018 1:58 AM EDT2018-07-21 05:58:53 GMT

    STEVENS COUNTY, Wash. - Washington State Patrols responded to a fatal crash in Stevens County Friday evening. On SR-395 in Clayton near Mile Post 185, a vehicle crossed the center line and crashed head on with another car, killing the driver. The causing driver who was transported to the hospital is in custody for vehicular homicide. There were no other occupants of either vehicle. 

    >>

    STEVENS COUNTY, Wash. - Washington State Patrols responded to a fatal crash in Stevens County Friday evening. On SR-395 in Clayton near Mile Post 185, a vehicle crossed the center line and crashed head on with another car, killing the driver. The causing driver who was transported to the hospital is in custody for vehicular homicide. There were no other occupants of either vehicle. 

    >>
  • Amazon.com to bring more than 1,500 jobs to Spokane

    Amazon.com to bring more than 1,500 jobs to Spokane

    Friday, July 20 2018 8:37 PM EDT2018-07-21 00:37:29 GMT

    SPOKANE, Wash. - Seattle-based Amazon.com is opening a fulfillment center in Spokane, promising more than 1,500 full-time jobs.    The company announced on Friday that it was opening its first fulfillment center in eastern Washington.    The 600,000-square foot center will be built near the Spokane International Airport.

    >>

    SPOKANE, Wash. - Seattle-based Amazon.com is opening a fulfillment center in Spokane, promising more than 1,500 full-time jobs.    The company announced on Friday that it was opening its first fulfillment center in eastern Washington.    The 600,000-square foot center will be built near the Spokane International Airport.

    >>
  • Court docs: Kootenai Behavioral Health therapist charged with rape, abuse of underage patient

    Court docs: Kootenai Behavioral Health therapist charged with rape, abuse of underage patient

    Saturday, July 21 2018 1:02 AM EDT2018-07-21 05:02:56 GMT

    COEUR D'ALENE, Idaho - A therapist at Kootenai Behavior Health is accused of having sex with an underage patient "hundreds of times" according to court documents. He's been charged with rape and sexual abuse, and is currently on administrative leave from the hospital during the investigation.

    >>

    COEUR D'ALENE, Idaho - A therapist at Kootenai Behavior Health is accused of having sex with an underage patient "hundreds of times" according to court documents. He's been charged with rape and sexual abuse, and is currently on administrative leave from the hospital during the investigation.

    >>
HD DOPPLER 6i
/
  • Top Stories from KHQHomeMore>>

  • 22-year-old Sandpoint man dies in Clayton 395 crash

    22-year-old Sandpoint man dies in Clayton 395 crash

    Saturday, July 21 2018 1:58 AM EDT2018-07-21 05:58:53 GMT

    STEVENS COUNTY, Wash. - Washington State Patrols responded to a fatal crash in Stevens County Friday evening. On SR-395 in Clayton near Mile Post 185, a vehicle crossed the center line and crashed head on with another car, killing the driver. The causing driver who was transported to the hospital is in custody for vehicular homicide. There were no other occupants of either vehicle. 

    >>

    STEVENS COUNTY, Wash. - Washington State Patrols responded to a fatal crash in Stevens County Friday evening. On SR-395 in Clayton near Mile Post 185, a vehicle crossed the center line and crashed head on with another car, killing the driver. The causing driver who was transported to the hospital is in custody for vehicular homicide. There were no other occupants of either vehicle. 

    >>
  • Buckshot fire near Mattawa now 50 percent contained

    Buckshot fire near Mattawa now 50 percent contained

    Saturday, July 21 2018 1:10 AM EDT2018-07-21 05:10:26 GMT

    MATTAWA, Wash. -Washington DNR now says the Buckshot fire burning near Mattawa is 20 percent contained Friday morning. The fire size remains at 1,000 acres as crews continue to work. 

    >>

    MATTAWA, Wash. -Washington DNR now says the Buckshot fire burning near Mattawa is 20 percent contained Friday morning. The fire size remains at 1,000 acres as crews continue to work. 

    >>
  • Court docs: Kootenai Behavioral Health therapist charged with rape, abuse of underage patient

    Court docs: Kootenai Behavioral Health therapist charged with rape, abuse of underage patient

    Saturday, July 21 2018 1:02 AM EDT2018-07-21 05:02:56 GMT

    COEUR D'ALENE, Idaho - A therapist at Kootenai Behavior Health is accused of having sex with an underage patient "hundreds of times" according to court documents. He's been charged with rape and sexual abuse, and is currently on administrative leave from the hospital during the investigation.

    >>

    COEUR D'ALENE, Idaho - A therapist at Kootenai Behavior Health is accused of having sex with an underage patient "hundreds of times" according to court documents. He's been charged with rape and sexual abuse, and is currently on administrative leave from the hospital during the investigation.

    >>