Equifax CEO Steps Down Amid Hacking Scandal (cnbc.com) 74
An anonymous reader quotes a report from CNBC: Richard Smith, CEO and chairman of Equifax, abruptly retired Tuesday following a data breach at the credit-reporting service that affected the personal information of 143 million people. Smith, who was 57 as of the company's proxy statement in March, became CEO and chairman in 2005 after 22 years at General Electric in senior roles in various divisions. He is to appear at a hearing of the Senate Banking Committee on Oct. 4 and is the only person scheduled to testify. He is also scheduled to testify next week at a hearing of the House Energy and Commerce Committee. Smith's salary for 2016 was $1.45 million and his bonus was $3.045 million. In a regulatory filing on Tuesday, the company said Smith will not get a bonus for this year and any other decisions regarding how his departure has been characterized or how much the company owes him will be deferred until the board completes an independent review of the breach and the response to it. In a separate report, CNBC notes that Smith could walk away with at least $18.4 million in pension benefits. The company is looking for a new CEO, naming its Asia-Pacific head to take on the interim CEO role.
Knock, knock (Score:1)
Anybody home?
Re: Knock, knock (Score:4, Funny)
Sorry about that, it was either the NSA in retaliation for the story about their spying or the Kremlin after the story about their dirty tricks or maybe those new technical folks we hired from Equifax aren't quite up to speed.
Re: (Score:1)
SSL cert is invalid. Expired some time in January. Whoops!
Either that or it's because someone posted a couple links to Pirate Bay in the Star Trek story, CBS/Netflix doesn't like that.
Re:like Arthur Andersen became Accenture amid scan (Score:5, Informative)
like arthur andersen becoming Accenture amid the Enron scandal
Accenture split from Arthur Andersen in 1989. The Enron scandal was 13 years later, and Accenture was not involved.
Re: (Score:1)
"...equifax will close its doors and rename and retool..."
Why not, they've done it before and gotten away with it. Retail Credit Company renamed itself Equifax after a series of scandals, including extortion and bribery, brought them in front of Congress, which led to the Fair Credit Reporting Act of 1970. Equifax was the specific target.
A few executives ending up in Prison, or perhaps retiring, due to accidents while they were cleaning their guns, would be a good start to the flushing down of these Institu
Re: (Score:2)
Andersen. GP got it right - don't they even teach you how to copy at DeVry?
Re: (Score:1)
Yea but it really isn't a problem because you can just manually configure things back to a working state.
Evading the Prosecutors (Score:5, Insightful)
The CEO isn't being accused of insider trading, but I imagine resigning is intended to reduce the likelihood that criminal charges will be brought against him. If your business is being an information broker, and securing people against problems involving that data, then it's not just the CSO's responsibility to secure your data. If this data leak led to a sudden explosion of identity theft, and a corresponding outcry blaming Equifax, then there'd be pressure to do something more than slap some C-levels on the wrist 5 years down the line after appeals. I'm sure Equifax is carefully weighing if it'd cost them more or less credibility to shut down after selling their name and assets to a 'new' company that carries none of the liability for these breaches, seem to recall Hostess did that.
Re: (Score:2)
well if theres enough of an explosion of ID theft that makes their credit rating service useless.
I mean more useless, since those companies don't check that the debt exists anyways or that there's anybody with paperwork to back the debt up anyways.
Re: (Score:2)
You're kidding? They'll just charge more and offer protection/alerts as a premium add-on service.
I wouldn't be surprised if they come out of this ahead.
Re: (Score:2)
You're kidding? They'll just charge more and offer protection/alerts as a premium add-on service.
I wouldn't be surprised if they come out of this ahead.
Corporate/crypto-capitalism demands that they profit from the breach. It's one of those economic ground truths we proles don't understand.
Re:Evading the Prosecutors (Score:5, Funny)
(Equifax) - "Hello! Nice to meet you! I understand you're interested in buying our assets."
(Buyer) - "Yes, we are! We just have to get through some background stuff. How's your credit score?"
Re: (Score:2)
(Equifax) - "Well, we did run into some cash flow problems recently"
(Buyer) - "Oh that should not impact our decision too much (pull up credit rating) ....Oh, well that's not good. Okay, now we we need to do a criminal background check (pulls up criminal background). Are you kidding me!!!! How come you are not in jail right now?"
Re: (Score:3)
They own TDX Group in Nottingham, could invert that takeover..
Did extent of damage finally sink into CEO's mind? (Score:5, Interesting)
And last week he was still clinging on by throwing their CIO and CSO under the bus. Given the multiple instances of criminally neglient way Equifax handle the aftermath and violation of basic security principles would it be that he finally comprehended the extent of their screw up?
It's not unlikely that entitled CEOs with his Ivory Tower buddies thought at first that this "PR Disaster" could be solved by a few fall guys, maybe a statement of non-apology or two, a free website and threw in some freebie reporting (that costs Equifax almost zero marginal cost) and he could ride out this 6-12 months.
Perhaps he finally grasped that at best, the company is ruined. It is probable that a few person (perhaps even CxO level) is going to jail like Enron execs - the fiduciary duty to 143 million people are even heavier that that of Enron, it's virtually any and all USA working people with a minimal "economic participartion".
Or worst case scenario in his POV, he realized might had nuclear-Armagaddoned the whole private / consumer Credit industry. After virtually all economically active people in the USA has been compromised there are little ways for any agencies to vet credit worthiness anymore at a low cost way for numerous years. Then the damage flow down to all Financial institutions (who can'teven know who is who and can't decide whether to even do business with eager customers) and to less extent, all employers and other individuals (like landlords), and the whole financial market will either need a total overhaul or suffer a meltdown............ Possibly a total overhaul AFTER meltdown. At that point, he should fear for his life and flee... cough I mean retire to a tropical island and stepping down from CEO and fleeing from the burning house known as Equifax is a prudent start.
Toughing It Out (Score:5, Interesting)
When the news of the breach became public, the Board of Directors likely knew that there would be scalps. It is not clear if the trading of shares by some of their number [between the breach being discovered and being made public] was common knowledge or not.
However, we should not be surprised to see the Chief Executive ask the CIO and CSO to step down. The aim of anyone operating at a CxO or board level is to minimise disruption. The more executives that get fired, the worse the message being sent to shareholders and clients - something which will directly impact the CEO in their pocket, because, of course, they are major shareholders thanks to their "packages"...
So although it looks to us, from the outside, as though the CEO threw two of his former colleagues "under the bus" [and I am sure there are cases where office politics makes that the expedient thing to do] there is an equal chance that they were simply trying to protect themselves. When the decision to fire these two former colleagues was made, the CEO was obviously hoping that they could weather the storm and continue to collect their fat pay check for a bit longer. In fact - given the nature of megalomania that seems to infect board rooms these days, they were no doubt planning how to use this to their advantage by demanding "stretch objectives" tied to their next bonus that included strengthening their IT and Security disciplines - which they would then claim to have achieved by simply hiring someone else...
Lastly, the final possible reason for the CEO asking for these resignations / firing these former colleagues, is to try and head off any form of criminal sanction. If we remember back to the accounting scandals at Enron, the scale of the malpractice there was sufficient for the Sarbanes-Oxley act to be introduced. This act includes provisions for mandatory jail time for CEOs and board level management/directors if it is found that a company is materially mis-representing their financial position, or failing to adequately disclose risks. It is highly likely that there will be attempts at shareholder lawsuits in the wake of this incident, since investors will argue that they would not have invested in the company had they known about the poor security practices that led to the breach.
All of this takes this to the weird situation in which it is likely that other CEOs, CIOs, CTOs across corporate America would actually be encouraging the termination of these three Equifax executives. Their reason will be self-preservation. If these three decided to tough it out, their belligerence could easily be what is necessary to force a US legislator to propose tightening the laws in a way that increases the legal liability on directors and senior management of publicly traded companies. This is the very last thing that other CxOs want to see happen - so from their perspective the Equifax incident must "stop the rot". We could summarize their view as, "Don't tip the gravy train off the tracks... Go quiet for a couple of months and then someone will offer you some executive directorships..."
Amid the clamour demanding that "something must be done", a termination or resignation is going to infinitely preferable to jail time.
Re: (Score:3)
The only reason people went to jail over Enron is because rich people lost money over it. That didn't happen here.
Re: Did extent of damage finally sink into CEO's m (Score:2)
How charmingly naive. Upper class people don't go to jail. Rest assured, the millions rotting in the Gulag are all plebs like us.
Re: (Score:2)
Agreed - the whole IT department should go to jail
Re: (Score:3)
My guess that the CEO and the other top officials (CIO, CSO) probably mutually negotiated an orchestrated exit strategy. The CEO was probably necessary to grease the skids of the exit plans for the CIO & CSO, while the CEO's golden parachute only required pre-approval by the board and could be deployed at any time.
So in a mood of mutual defense and at the risk of mutual destruction, they coordinated a strategy that left them all leaving with maximum exit packages and minimizing personal liability. The
Re: (Score:2)
A key component of the Prisoner's Dilemma is that the "prisoners" can't communicate with each other. If they can, then it's easy to agree to collude and beat the "cops", as you describe here.
Re:Did extent of damage finally sink into CEO's mi (Score:4, Informative)
None of that will happen none. This guy will quietly disappear to his multi-million dollar estate until the general public mostly forgets his name. After which point he will decide if he wants to come out of retirement or not, if he chooses to go back to work a buddy of his will invite him to buy into a seat on a board of directors somewhere where he can start drawing a nice salary and quickly recoup his investment in the stock he had to buy.
That is how this works. Enron was only different because it literally resulting in massive job losses localized to a few communities, and the lights had to be turned off in some buildings. Finally a bunch of public pensions got hit by that one. It was impossible for the public to ignore those things some nobles had to actually be sacrificed. Wont happen this time because nobody can really even show they were specifically damaged by these breaches.
Re: (Score:2)
There is also one other distinction here is relevant. The Enron guys criminality was the proximate cause of that incident. They were cooking the books. With these breach the criminals are the third party hackers. Its possible the CXOs violated some SEC rules by selling stock before disclosure but that wasn't the cause of the breach....
Unless it was. I really can see this entire thing being a kind of a reverse-pump-and-dump. The stocks are certain to take a big hit on the breach announce and will prob
Re:Did extent of damage finally sink into CEO's mi (Score:4, Insightful)
On a semi-related note as a non-American, I've always found the setup of the american credit rating system to be weird in the context of american individualism/consumer-culture. Like, I understand why these companies exist and why lenders want access to such data, but it's interesting to me that they're allowed to collect and maintain these databases and hand out information without any consent from the individuals. This to me goes very much against the principles of the free market, where the consumer himself should have control over which services he's using to handle his credit.
Here in Finland we have a credit rating system that works so that credit rating companies only collect information on failed payments. That's, there's no 'positive' credit rating score for anyone, only negative marks on those who've failed to pay and have had a court order for the debt to be collected, or who're over 60 days late on payment. Once the debts have been successfully collected the entry is deleted in 2-5 years and the person again has a 'clean' credit rating. Banks and financial institutions can and do always check these records when they're processing a loan/credit application, but any further info like monthly income etc. has to be provided for them by the customer via their bank/employer.
Of course this is slightly more tedious than the american system as in it takes more effort from the individual than the american model, but in so far as i can see this has 2 major benefits:
1) It avoids weak points like this Equifax thing when sensitive information is not stored en mass by private companies but rather remains in the control of the consumer
2) It doesn't encourage people to use credit as much. Granted, my understanding of the American model is limited, so I may be mistaken, but it's my understanding that in order to improve one's credit score in the US, many people buy stuff more on credit to get their score up even if they have money to pay out of pocket and could use a debit card.
A sensible credit raring system in my opinion should not be encouraging people to take debt so that they can take more debt in the future, nor should it place such sensitive and valuable information to the hands of 3rd parties without consent.
Re: Did extent of damage finally sink into CEO's m (Score:2)
Are you sure about that? As a citizen, I've had to deal with credit rating agencies in Europe and they seem to work pretty much the same way. Most of them are public, and there's some private ones too.
Only the Nordic countries have a public negative-only rating system but private systems have slowly become available since they joined the EU.
Re: (Score:2)
He should not be allowed to resign (Score:4, Funny)
but made to stay there and face the music. As it is he will just run and become CEO of some other outfit that he will also fail to manage properly.
Re: (Score:2)
He'll probably get enough of a payoff that he doesn't need to work ever again.
Re: (Score:2)
How do you stop someone from resigning? I know you can penalize them, but I am curious how you not allow them to resign.
Wow, That's a Lot of Millions (Score:3)
Comment removed (Score:4, Funny)
Is that all? (Score:2)
He steps down after selling his stock before it was announced tens of millions of people's personal information was compromised.
Where are the lawsuits against him? When will the SEC file insider trading charges against him and the rest of the executives who sold their stock? Where are the calls for him to be drawn and quartered?
I have said this on my other places regarding this story: no one at the top will pay a price for this breach. No one will go to jail. No one will have to give back the money they m
Re: (Score:2)
CEO = head cheerleader (Score:3)
I don't know if everyone understands this, but board-level executives at large companies don't do much beyond promoting the company and "providing vision." They rely on their army of foot soldiers to do the actual work, so none of them are actually involved in daily operations. It only makes sense that the CIO and CSO were sacrificial lambs, and now the CEO as well. It's what you sign up for in these positions. Your job consists of making a few key decisions after seeing 3 options provided by a management consultant, running around the world speaking and doing CxO things, collecting a huge salary and perks package, and cheerleading for the company. (And, most big-company executives server on several corporate boards of directors.) The implied rule is that if something bad happens, it might be your turn to be scapegoat...which is fine because you'll be paid a severance package and can just jump to the next company.
The interesting thing is that scandals like this are going to be a huge win for the cloud promoters... "Look at Equifax, even they can't keep their data safe. Our cloud is way safer." And with most CIOs I know being risk minimizers, write-a-check outsourcers and unable to listen to their underlings, cloud providers will see a huge benefit.
Re: (Score:1)
Where does one apply for that? I seem to have been qualified, maybe over qualified, since about age 12.
Fixed it for you. (Score:2)
and any other decisions regarding how his departure has been characterized or how much the company owes him will be deferred until [snip]the board completes an independent review of the breach and the response to it[/snip]
unitl the media shitstorm blows over and he can be marked a non-insider so that the details of the golden parachute can be hidden from the public view for ever citing privacy laws.
Fixed it for you.
The banks and lenders are the true culprits. (Score:2)
It is because the banks want to lend without checking and when the face a loss they want to blame someone else. How can you reasonably expect me to make sure no one in this whole damned world masquerades as me in some unknown state with some unknown lending institutions?
Re: (Score:2)
When my identity was stolen, the criminals opened up a Capital One card in my name using a web application form. They had my name, address, SSN, and date of birth. What they didn't have was my mother's maiden name. They put down something that wasn't even close to being rig
Re: (Score:2)
Sorry, but you are completely wrong. (Score:3)
The reason that banks demand so much information from you if you want to open and account, or borrow money, or have a credit or debit card, is because the governments recognise that opening false accounts using fake identities is one of the best methods of laundering money from criminal schemes. So, for example, the United States Government demands that anyone operating in the US must comply with OFAC
not much of a position (Score:2)
Who would want to be their new CEO, considering the title pretty much just means "the guy that will need to testify to Congress while the company is torn apart by class action suits".
Actually.. (Score:2)
Wish I could screw up massively (Score:3)
Viral campaign for the next Mr.Robot season (Score:1)
But only after.... (Score:2)
in related news... (Score:2)
it is reported that the ex-CEO of Equifax has had his name changed to Bambi Dancer, the SSN changed to 666-666-6666, and his bank accounts have been emptied. chuckling computer experts we contacted said, "aw, geez, poor guy. how'd that happen?"
Really? (Score:2)
Just business-as-usual then Slashdot? Nothing about the massive outage over the past three days?
Nothing at all?