The Equifax data breach affecting 143 million Americans happened because the company failed to install a security patch in computer code, a vulnerability industry experts identified months prior to the hack. Mark Rohrwasser will replace Webb and will be responsible for worldwide technology operations.
The retiring of now-former CSO Susan Mauldin and CIO Dave Webb comes a week after Equifax announced a breach of data for about 143 million US consumers, including their names, Social Security numbers, birth dates, addresses and, for some, driver’s license numbers.
On Thursday, the Federal Trade Commission, one of two agencies with regulatory oversight responsibilities for Equifax, took the unusual step of announcing it is investigating the company.
The Senate Finance Committee on Tuesday requested a detailed account of the scope of the breach, what was exposed and whether the company is capable of detecting and stopping such breaches. It also presented Friday a litany of security efforts it made after noticing suspicious network traffic on July 29.
The Atlanta-based company, one of the nation’s three key credit bureaus that track individuals’ credit histories, said late Wednesday that hackers breached a vulnerable spot in a US website application called Apache Struts CVE-2017-5638.
On August 2, Equifax also contracted the cybersecurity firm Mandiant.
The public has been pressurizing Equifax since last week when it revealed that hackers had stolen their personal data.
The 18-year-old foundation said it is an all-volunteer organization that produced open-source Java applications for government and business users, including Fortune 100 companies.