Equifax executives out after massive hack

The officials were in charge of information and security when hackers stole 143 million consumer records from company systems.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce | Amazon | Earned wage access | Online marketplaces | Direct to consumer | Unions | Labor and employment | Supply chain | Cybersecurity | Privacy | Stalkerware | Hacking Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
2 min read
Close-up of the upper corner of a consumer credit report from the credit bureau Equifax, with text reading Credit File and Personal Identification. Equifax executives in charge of information and security have resigned, the company announced Friday, one week after it announced a massive theft of consumer information from its systems.

Equifax executives in charge of information and security "are retiring," the company said Friday, one week after it announced a massive theft of consumer information from its systems.

Smith Collection/Gado/Getty Images

Two higher-ups at Equifax are leaving the company in the wake of a hack of personal records for up to 143 million people.

Equifax Chief Security Officer Susan Mauldin and Chief Information Officer David Webb "are retiring," the credit reporting firm announced in a press release Friday, adding that the changes are "effective immediately." 

"Equifax's internal investigation of this incident is still ongoing and the company continues to work closely with the FBI in its investigation," the statement read.

The data theft, first reported last week, caused outrage among consumer advocates and lawmakers who demanded answers on how the hack happened. On Thursday, the Federal Trade Commission confirmed it had launched an investigation of the incident, and US Sen. Elizabeth Warren introduced a bill the same day that would prevent credit rating agencies from charging consumers for credit freezes. 

Equifax previously said the company believes hackers infiltrated its systems through a software bug called Apache Struts. A patch for the problem was made available in March, and Equifax has said the hacking attack occurred in May, leading critics to question whether Equifax fixed the software bug in a timely manner.

Equifax hasn't clarified whether it had patched the problem when the data was stolen.

"While Equifax fully understands the intense focus on patching efforts, the company's review of the facts is still ongoing. The company will release additional information when available," the company said in its statement Friday.

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.

iHate: CNET looks at how intolerance is taking over the internet.