Equifax CEO Steps Down Amid Hacking Scandal (cnbc.com)
An anonymous reader quotes a report from CNBC: Richard Smith, CEO and chairman of Equifax, abruptly retired Tuesday following a data breach at the credit-reporting service that affected the personal information of 143 million people. Smith, who was 57 as of the company's proxy statement in March, became CEO and chairman in 2005 after 22 years at General Electric in senior roles in various divisions. He is to appear at a hearing of the Senate Banking Committee on Oct. 4 and is the only person scheduled to testify. He is also scheduled to testify next week at a hearing of the House Energy and Commerce Committee. Smith's salary for 2016 was $1.45 million and his bonus was $3.045 million. In a regulatory filing on Tuesday, the company said Smith will not get a bonus for this year and any other decisions regarding how his departure has been characterized or how much the company owes him will be deferred until the board completes an independent review of the breach and the response to it. In a separate report, CNBC notes that Smith could walk away with at least $18.4 million in pension benefits. The company is looking for a new CEO, naming its Asia-Pacific head to take on the interim CEO role.
Anybody home?
just kick the can down the street.... i knew equifax was a target like any other big data warehouse... not surprised. it sucks.
like arthur andersen becoming Accenture amid the Enron scandal, so shall equifax. equifax will close its doors and rename and retool and if like Arthur Andersen foreign based HQ, will remove itself from the US.
i just wish the credit reporting companies would fix our credit rating since the 2008 mortgage crisis carte blanche because of WF telling everyone to stop making payments to trigger a short sale.. in doing so... over 120 late is stuck and WF said they did not recommend it yet told everyone to do it, and now equifax and others have it pegged on your record that it was my fault not WF for going over 120...
yep, cry me a river.. thank you equifax for giving me another reason to file a complaint... and have my data breached..
the saying goes.. it's not if your data is breached, it is when you find out it was...
Did the systemd switch give some troubles?
like arthur andersen becoming Accenture amid the Enron scandal
Accenture split from Arthur Andersen in 1989. The Enron scandal was 13 years later, and Accenture was not involved.
The CEO isn't being accused of insider trading, but I imagine resigning is intended to reduce the likelihood that criminal charges will be brought against him. If your business is being an information broker, and securing people against problems involving that data, then it's not just the CSO's responsibility to secure your data. If this data leak led to a sudden explosion of identity theft, and a corresponding outcry blaming Equifax, then there'd be pressure to do something more than slap some C-levels on the wrist 5 years down the line after appeals. I'm sure Equifax is carefully weighing if it'd cost them more or less credibility to shut down after selling their name and assets to a 'new' company that carries none of the liability for these breaches, seem to recall Hostess did that.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
And last week he was still clinging on by throwing their CIO and CSO under the bus. Given the multiple instances of criminally negligent way Equifax handled the aftermath and violation of basic security principles would it be that he finally comprehended the extent of their screw up?
It's not unlikely that entitled CEOs with his Ivory Tower buddies thought at first that this "PR Disaster" could be solved by a few fall guys, maybe a statement of non-apology or two, a free website and threw in some freebie reporting (that costs Equifax almost zero marginal cost) and he could ride out this 6-12 months.
Perhaps he finally grasped that at best, the company is ruined. It is probable that a few people (perhaps even CxO level) are going to jail like Enron execs - the fiduciary duty to 143 million people is even heavier than that of Enron, it's virtually any and all USA working people with a minimal "economic participation".
Or worst case scenario in his POV, he realized he might have nuclear-Armageddoned the whole private / consumer Credit industry. After virtually all economically active people in the USA have been compromised there are little ways for any agencies to vet credit worthiness anymore at a low cost way for numerous years. Then the damage flow down to all Financial institutions (who can't even know who is who and can't decide whether to even do business with eager customers) and to less extent, all employers and other individuals (like landlords), and the whole financial market will either need a total overhaul or suffer a meltdown............ Possibly a total overhaul AFTER meltdown. At that point, he should fear for his life and flee... cough I mean retire to a tropical island and stepping down from CEO and fleeing from the burning house known as Equifax is a prudent start.
but made to stay there and face the music. As it is he will just run and become CEO of some other outfit that he will also fail to manage properly.
The Asia-Pacific head was named the interim CEO because it was an inside job by Chinese interests to maintain leverage over the US consumers, and there are still a few loose ends that need to be cleaned up. Look for a move of HQ and many assets off-shore soon.
For those people not actually serving on the board [or boards] of a top multinational company, the environment experienced [enjoyed?] by those at the top will be utterly alien. Like high political office, the principal motivators are going to be power and money - and as much of both as possible.
When the news of the breach became public, the Board of Directors likely knew that there would be scalps. It is not clear if the trading of shares by some of their number [between the breach being discovered and being made public] was common knowledge or not.
However, we should not be surprised to see the Chief Executive ask the CIO and CSO to step down. The aim of anyone operating at a CxO or board level is to minimise disruption. The more executives that get fired, the worse the message being sent to shareholders and clients - something which will directly impact the CEO in their pocket, because, of course, they are major shareholders thanks to their "packages"...
So although it looks to us, from the outside, as though the CEO threw two of his former colleagues "under the bus" [and I am sure there are cases where office politics makes that the expedient thing to do] there is an equal chance that they were simply trying to protect themselves. When the decision to fire these two former colleagues was made, the CEO was obviously hoping that they could weather the storm and continue to collect their fat pay check for a bit longer. In fact - given the nature of megalomania that seems to infect board rooms these days, they were no doubt planning how to use this to their advantage by demanding "stretch objectives" tied to their next bonus that included strengthening their IT and Security disciplines - which they would then claim to have achieved by simply hiring someone else...
Lastly, the final possible reason for the CEO asking for these resignations / firing these former colleagues, is to try and head off any form of criminal sanction. If we remember back to the accounting scandals at Enron, the scale of the malpractice there was sufficient for the Sarbanes-Oxley act to be introduced. This act includes provisions for mandatory jail time for CEOs and board level management/directors if it is found that a company is materially mis-representing their financial position, or failing to adequately disclose risks. It is highly likely that there will be attempts at shareholder lawsuits in the wake of this incident, since investors will argue that they would not have invested in the company had they known about the poor security practices that led to the breach.
All of this takes this to the weird situation in which it is likely that other CEOs, CIOs, CTOs across corporate America would actually be encouraging the termination of these three Equifax executives. Their reason will be self-preservation. If these three decided to tough it out, their belligerence could easily be what is necessary to force a US legislator to propose tightening the laws in a way that increases the legal liability on directors and senior management of publicly traded companies. This is the very last thing that other CxOs want to see happen - so from their perspective the Equifax incident must "stop the rot". We could summarize their view as, "Don't tip the gravy train off the tracks... Go quiet for a couple of months and then someone will offer you some executive directorships..."
Amid the clamour demanding that "something must be done", a termination or resignation is going to be infinitely preferable to jail time.
The only way one of these scammers will go out of business is if they lose the data, as in lose access to it, not just have a leak.
"...equifax will close its doors and rename and retool..."
Why not, they've done it before and gotten away with it. Retail Credit Company renamed itself Equifax after a series of scandals, including extortion and bribery, brought them in front of Congress, which led to the Fair Credit Reporting Act of 1970. Equifax was the specific target.
A few executives ending up in Prison, or perhaps retiring, due to accidents while they were cleaning their guns, would be a good start to the flushing down of these Institutional Assholes.
I even hope that Richard Smith's Family ends up on the street giving blowjobs to hobos. They can't be that oblivious to his character, notwithstanding the example of the current and temporary occupant of 1600 Pennsylvania Avenue.
>like arthur andersen becoming Accenture amid the Enron scandal
Accenture split from Arthur Anderson and was initially called Anderson Consulting. AC was the useful (and profitable) part of the company. I don't think they split from AA because of Enron.
Sure would suck for him if anyone stole his identity information.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Andersen. GP got it right - don't they even teach you how to copy at DeVry?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I believe that's called "getting out while the getting's good".
Also known as, "leaving the suckers in the dust".
Send me a job offer for the CIO
These guys have no clue.
Patches, testing, reading patch notes, vulnerabilities.
All the stuff LifeLock offers should be done by Equifax for all customers at no charge for the next decade
Plus it sounds like even if I screw up the benefits are awesome
You can screw over 143.000.000 people without any issue, but when you screw over a few people with insider trading info, you are going to jail.
Also see that asswipe that increased prices for medicine times 900. Steal from the poor, not an issue. Steal from the rich, we have laws against that.
But I guess that giving power and money to the 1% is the only alternative of not becoming a socialist, because that would be worse, right? (That was sarcasm)
Don't fight for your country, if your country does not fight for you.
The only reason people went to jail over Enron is because rich people lost money over it. That didn't happen here.
note that it's a "hacking scandal" not a culture of ignoring basic data security practices
That wasn't stepping down, that was jumping out of the way of a 143 million pound freight train that's about to hit...
They split up in 1989 (sort of, it was a very complex arrangement with a bizarre profit sharing arrangement), but didn't change their name to Accenture until 2000 - previously the Andersen Consulting name was used and it was considered to be a valuable asset. In 2000 at work, I retrieved one of the Accenture presentations from the printer whilst getting my own document. The last page said in large, bold type: "Under no circumstances mention that until last year we were called Andersen Consulting:"
So while they may not have been involved functionally, they were very much involved reputationally.
He steps down after selling his stock before it was announced tens of millions of people's personal information was compromised.
Where are the lawsuits against him? When will the SEC file insider trading charges against him and the rest of the executives who sold their stock? Where are the calls for him to be drawn and quartered?
I have said this on my other places regarding this story: no one at the top will pay a price for this breach. No one will go to jail. No one will have to give back the money they made selling their stock. Whatever fine Equifax will have to pay will be insignificant. All we will hear is how Equifax takes the security of people's information seriously.
Publicly traded Company. This is covered under Sarbanes-Oxley. The two that "resigned" and the CEO signed SEC documents that with what has happened can land them in prison for a bit over it. Might want to look under what happens when you make certifications about things that you should be disclosing on your form 10-Q filings and didn't, because this was a reportable risk item. Not just the break in, but the weakening/failure of fiduciary duty and due diligence on security for this data. A CSO shouldn't be just a "manager" at this level and they should've disclosed the risk of someone without the right backgrounds being in that gig. The CIO should've red-flagged this to the BoD and didn't. That also should've been reported under SBOX. It very much wasn't.
My guess is that the CEO and the other top officials (CIO, CSO) probably mutually negotiated an orchestrated exit strategy. The CEO was probably necessary to grease the skids of the exit plans for the CIO & CSO, while the CEO's golden parachute only required pre-approval by the board and could be deployed at any time.
So in a mood of mutual defense and at the risk of mutual destruction, they coordinated a strategy that left them all leaving with maximum exit packages and minimizing personal liability. They kind of beat the prisoner's dilemma scenario, where one of them could have potentially flipped on the other, but they were rational enough to recognize it made no sense to throw accusations and just pay everybody off.
I'd imagine that speeches were given to the board that all of it was in the best interest of the corporation because fighting their packages would have resulted in turmoil and damaging accusations of negligence.
None of that will happen none. This guy will quietly disappear to his multi-million dollar estate until the general public mostly forgets his name. After which point he will decide if he wants to come out of retirement or not, if he chooses to go back to work a buddy of his will invite him to buy into a seat on a board of directors somewhere where he can start drawing a nice salary and quickly recoup his investment in the stock he had to buy.
That is how this works. Enron was only different because it literally resulted in massive job losses localized to a few communities, and the lights had to be turned off in some buildings. Finally a bunch of public pensions got hit by that one. It was impossible for the public to ignore those things; some nobles had to actually be sacrificed. Won't happen this time because nobody can really even show they were specifically damaged by these breaches.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
I don't know if everyone understands this, but board-level executives at large companies don't do much beyond promoting the company and "providing vision." They rely on their army of foot soldiers to do the actual work, so none of them are actually involved in daily operations. It only makes sense that the CIO and CSO were sacrificial lambs, and now the CEO as well. It's what you sign up for in these positions. Your job consists of making a few key decisions after seeing 3 options provided by a management consultant, running around the world speaking and doing CxO things, collecting a huge salary and perks package, and cheerleading for the company. (And, most big-company executives serve on several corporate boards of directors.) The implied rule is that if something bad happens, it might be your turn to be scapegoat...which is fine because you'll be paid a severance package and can just jump to the next company.
The interesting thing is that scandals like this are going to be a huge win for the cloud promoters... "Look at Equifax, even they can't keep their data safe. Our cloud is way safer." And with most CIOs I know being risk minimizers, write-a-check outsourcers and unable to listen to their underlings, cloud providers will see a huge benefit.
On a semi-related note as a non-American, I've always found the setup of the american credit rating system to be weird in the context of american individualism/consumer-culture. Like, I understand why these companies exist and why lenders want access to such data, but it's interesting to me that they're allowed to collect and maintain these databases and hand out information without any consent from the individuals. This to me goes very much against the principles of the free market, where the consumer himself should have control over which services he's using to handle his credit.
Here in Finland we have a credit rating system that works so that credit rating companies only collect information on failed payments. That's, there's no 'positive' credit rating score for anyone, only negative marks on those who've failed to pay and have had a court order for the debt to be collected, or who're over 60 days late on payment. Once the debts have been successfully collected the entry is deleted in 2-5 years and the person again has a 'clean' credit rating. Banks and financial institutions can and do always check these records when they're processing a loan/credit application, but any further info like monthly income etc. has to be provided for them by the customer via their bank/employer.
Of course this is slightly more tedious than the american system as in it takes more effort from the individual than the american model, but in so far as i can see this has 2 major benefits:
1) It avoids weak points like this Equifax thing when sensitive information is not stored en masse by private companies but rather remains in the control of the consumer
2) It doesn't encourage people to use credit as much. Granted, my understanding of the American model is limited, so I may be mistaken, but it's my understanding that in order to improve one's credit score in the US, many people buy stuff more on credit to get their score up even if they have money to pay out of pocket and could use a debit card.
A sensible credit rating system in my opinion should not be encouraging people to take debt so that they can take more debt in the future, nor should it place such sensitive and valuable information to the hands of 3rd parties without consent.
"It is the business of the future to be dangerous" -Alfred North Whitehead
Equifax voltage too high ... doesn't seem so. The Kings traditional solution to this behavior - - "draw and quarter" - - would be more forthright. Likewise - - "nailed to city gate" - - ah for the good 'ol dayz.
and any other decisions regarding how his departure has been characterized or how much the company owes him will be deferred until [snip]the board completes an independent review of the breach and the response to it[/snip]
until the media shitstorm blows over and he can be marked a non-insider so that the details of the golden parachute can be hidden from the public view for ever citing privacy laws.
Fixed it for you.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Are you sure about that? As a citizen, I've had to deal with credit rating agencies in Europe and they seem to work pretty much the same way. Most of them are public, and there's some private ones too.
Only the Nordic countries have a public negative-only rating system but private systems have slowly become available since they joined the EU.
Custom electronics and digital signage for your business: www.evcircuits.com
It is because the banks want to lend without checking and when they face a loss they want to blame someone else. How can you reasonably expect me to make sure no one in this whole damned world masquerades as me in some unknown state with some unknown lending institutions?
Technically if the bank sues me, without actual proof that it was really me who borrowed and defaulted, they will lose in court, and probably liable for my court costs as well, and be open to libel too. But they don't sue us, they just report "this SSN, this name, this address, borrowed and defaulted on the loan" to the credit reporting agencies. Now the onus is on me to prove "it was not really me, but someone else". This is how they shifted the blame, reduced their costs, and they lend with impunity.
In no other country these personal details are so valuable. The only solution is to render this information useless. We need to get precedence set. Banks can not claim "XYZ defaulted on a loan" without actual proof that it was really XYZ not someone claiming to be XYZ. Else they are liable for libel and they should be penalized heavily.
Only when details of our personal life is useless in obtaining money from the banks, the identity theft will stop.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Basically their lawyers are advising them that anyone who thinks they might be held accountable needs to retire asap.
Gotta lock in those retirement / pension benefits before the mean old Justice Department tries to take it from them.
Who would want to be their new CEO, considering the title pretty much just means "the guy that will need to testify to Congress while the company is torn apart by class action suits".
-Styopa
I am no fan of banks or lenders, but in this specific case I have to say you are wrong. Completely wrong.
The reason that banks demand so much information from you if you want to open an account, or borrow money, or have a credit or debit card, is because the governments recognise that opening false accounts using fake identities is one of the best methods of laundering money from criminal schemes. So, for example, the United States Government demands that anyone operating in the US must comply with OFAC Screening requirements, [OFAC = Office of Foreign Assets Control] because it was discovered that vast amounts of stolen or otherwise illegal money was washing through the US banking system...
Any bank or lender in the US that *fails* to demand really good proof of identity could be prosecuted by the Federal Government and suffer sanctions up to and including the loss of their banking license.
You also state that "The only solution is to render this information useless. We need to get precedence set. Banks can not claim "XYZ defaulted on a loan" without actual proof that it was really XYZ not someone claiming to be XYZ. Else they are liable for libel and they should be penalized heavily."
The problem with this statement is that what you are implicitly asking for is a hypothetical situation in which banks have some "other" means of "knowing" you. Fifty years ago, loans were offered to companies and individuals because they were literally known by the manager of the lending branch of the bank. Personal banking relationships were important because that was the way the world did business. Today, with on-line applications and risk-score-based loan decisions, the world has abandoned those principles. Instead, then, the bank needs to have a way of validating your identity, so that it can know with certainty who you are. [ And, incidentally, one reason this is crucial is it stops an individual from borrowing more than they can afford to repay by creating false identities - a risk that could put a lot of banks out of business].
Yet by demanding that banks find a way of validating the identity of creditors "without" recourse to personally identifiable information of this kind, you are actually implicitly opening a door to ever-more intrusive spying and monitoring of individuals by faceless corporations. And/or you are opening the door to the introduction of mandatory ID cards.
I dislike the idea of identity theft being used to defraud banks of money, because all the legitimate clients - like me - end up paying in the long run. But if your only solution is that I have to give up personal privacy and other personal freedoms [such as the right to anonymity] in return for cheaper banking, then I will pay a little more. At the end of the day we are all going to have a different preference on a question like this, but you have to think of the big picture and understand the full context of a situation before making decisions on this sort of thing...
Inept bastard
He didn't step down. Building security were inattentive and he was stolen.
Nullius in verba
so much so that the company will be tits up before long, then get $18 million for leaving plus another $17 million from selling my stock 2 days before it cratered due to my own bad decisions. All while suffering virtually no consequences. Must be nice to be a member of the ruling class. They sure take care of their own (unlike us working class stiffs, who spent the last two weeks arguing over who's gonna pay for health care).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Thank you, Dr Pedant, for your learned and enlightening commentary.
Actually, as weird as it may seem, the way to raise your credit score in the US is to have the potential to borrow money, but not use it. For example, let's say two people have a credit card with a max limit of $10,000. The person who only borrows $100 each month will have a higher credit score than someone who borrows $10,000 every month.
How charmingly naive. Upper class people don't go to jail. Rest assured, the millions rotting in the Gulag are all plebs like us.
Should be personally liable.
thanks- info and twist of fate found at https://en.wikipedia.org/wiki/Arthur_Andersen for both. same umbrella, probably same sloppiness.
possibly...
Crivens! I kicked meself in me own heid!
....dumping more company stock at a predetermined price, right? I hope that frees up his time to stand trial and spend time in jail for screwing an entire nation. Although, I bet Trump will pardon him anyway.....
There is also one other distinction here that is relevant. The Enron guys' criminality was the proximate cause of that incident. They were cooking the books. With this breach the criminals are the third party hackers. It's possible the CXOs violated some SEC rules by selling stock before disclosure but that wasn't the cause of the breach....
Unless it was. I really can see this entire thing being a kind of a reverse-pump-and-dump. The stocks are certain to take a big hit on the breach announcement and will probably recover to previous levels, the fundamentals having not really changed and the impacted consumers not really being the customer and having little recourse. So sell high, buy back low...
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Agreed - the whole IT department should go to jail
it is reported that the ex-CEO of Equifax has had his name changed to Bambi Dancer, the SSN changed to 666-666-6666, and his bank accounts have been emptied. chuckling computer experts we contacted said, "aw, geez, poor guy. how'd that happen?"
if this is supposed to be a new economy, how come they still want my old fashioned money?
A key component of the Prisoner's Dilemma is that the "prisoners" can't communicate with each other. If they can, then it's easy to agree to collude and beat the "cops", as you describe here.
-Forrest Cameranesi, Geek of all Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
Just business-as-usual then Slashdot? Nothing about the massive outage over the past three days?
Nothing at all?
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
They can't report a risk they don't even know. In this case incompetence, firings, and resignations might be all they need to get out of jail free. Sucks for us.