Equifax CEO Steps Down Amid Hacking Scandal

An anonymous reader quotes a report from CNBC: Richard Smith, CEO and chairman of Equifax, abruptly retired Tuesday following a data breach at the credit-reporting service that affected the personal information of 143 million people. Smith, who was 57 as of the company's proxy statement in March, became CEO and chairman in 2005 after 22 years at General Electric in senior roles in various divisions. He is to appear at a hearing of the Senate Banking Committee on Oct. 4 and is the only person scheduled to testify. He is also scheduled to testify next week at a hearing of the House Energy and Commerce Committee. Smith's salary for 2016 was $1.45 million and his bonus was $3.045 million. In a regulatory filing on Tuesday, the company said Smith will not get a bonus for this year and any other decisions regarding how his departure has been characterized or how much the company owes him will be deferred until the board completes an independent review of the breach and the response to it. In a separate report, CNBC notes that Smith could walk away with at least $18.4 million in pension benefits. The company is looking for a new CEO, naming its Asia-Pacific head to take on the interim CEO role.

Re:like Arthur Andersen became Accenture amid scan

[ShanghaiBill]

like arthur andersen becoming Accenture amid the Enron scandal

Accenture split from Arthur Andersen in 1989. The Enron scandal was 13 years later, and Accenture was not involved.

Re: Knock, knock

[bestweasel]

Sorry about that, it was either the NSA in retaliation for the story about their spying or the Kremlin after the story about their dirty tricks or maybe those new technical folks we hired from Equifax aren't quite up to speed.

Evading the Prosecutors

[mentil]

The CEO isn't being accused of insider trading, but I imagine resigning is intended to reduce the likelihood that criminal charges will be brought against him. If your business is being an information broker, and securing people against problems involving that data, then it's not just the CSO's responsibility to secure your data. If this data leak led to a sudden explosion of identity theft, and a corresponding outcry blaming Equifax, then there'd be pressure to do something more than slap some C-levels on the wrist 5 years down the line after appeals. I'm sure Equifax is carefully weighing if it'd cost them more or less credibility to shut down after selling their name and assets to a 'new' company that carries none of the liability for these breaches, seem to recall Hostess did that.

Re:Evading the Prosecutors

[geekmux]

(Equifax) - "Hello! Nice to meet you! I understand you're interested in buying our assets."

(Buyer) - "Yes, we are! We just have to get through some background stuff. How's your credit score?"

Did extent of damage finally sink into CEO's mind?

[hai_Priesty]

And last week he was still clinging on by throwing their CIO and CSO under the bus. Given the multiple instances of criminally neglient way Equifax handle the aftermath and violation of basic security principles would it be that he finally comprehended the extent of their screw up?

It's not unlikely that entitled CEOs with his Ivory Tower buddies thought at first that this "PR Disaster" could be solved by a few fall guys, maybe a statement of non-apology or two, a free website and threw in some freebie reporting (that costs Equifax almost zero marginal cost) and he could ride out this 6-12 months.

Perhaps he finally grasped that at best, the company is ruined. It is probable that a few person (perhaps even CxO level) is going to jail like Enron execs - the fiduciary duty to 143 million people are even heavier that that of Enron, it's virtually any and all USA working people with a minimal "economic participartion".

Or worst case scenario in his POV, he realized might had nuclear-Armagaddoned the whole private / consumer Credit industry. After virtually all economically active people in the USA has been compromised there are little ways for any agencies to vet credit worthiness anymore at a low cost way for numerous years. Then the damage flow down to all Financial institutions (who can'teven know who is who and can't decide whether to even do business with eager customers) and to less extent, all employers and other individuals (like landlords), and the whole financial market will either need a total overhaul or suffer a meltdown............ Possibly a total overhaul AFTER meltdown. At that point, he should fear for his life and flee... cough I mean retire to a tropical island and stepping down from CEO and fleeing from the burning house known as Equifax is a prudent start.

He should not be allowed to resign

[Alain+Williams]

but made to stay there and face the music. As it is he will just run and become CEO of some other outfit that he will also fail to manage properly.

Toughing It Out

[ytene]

For those people not actually serving on the board [or boards] of a top multinational company, the environment experienced [enjoyed?] by those at the top will be utterly alien. Like high political office, the principle motivators are going to be power and money - and as much of both as possible.

When the news of the breach became public, the Board of Directors likely knew that there would be scalps. It is not clear if the trading of shares by some of their number [between the breach being discovered and being made public] was common knowledge or not.

However, we should not be surprised to see the Chief Executive ask the CIO and CSO to step down. The aim of anyone operating at a CxO or board level is to minimise disruption. The more executives that get fired, the worse the message being sent to shareholders and clients - something which will directly impact the CEO in their pocket, because, of course, they are major shareholders thanks to their "packages"...

So although it looks to us, from the outside, as though the CEO threw two of his former colleagues "under the bus" [and I am sure there are cases where office politics makes that the expedient thing to do] there is an equal chance that they were simply trying to protect themselves. When the decision to fire these two former colleagues was made, the CEO was obviously hoping that they could weather the storm and continue to collect their fat pay check for a bit longer. In fact - given the nature of megalomania that seems to infect board rooms these days, they were no doubt planning how to use this to their advantage by demanding "stretch objectives" tied to their next bonus that included strengthening their IT and Security disciplines - which they would then claim to have achieved by simply hiring someone else...

Lastly, the final possible reason for the CEO asking for these resignations / firing these former colleagues, is to try and head off any form of criminal sanction. If we remember back to the accounting scandals at Enron, the scale of the malpractice there was sufficient for the Sarbanes-Oxley act to be introduced. This act includes provisions for mandatory jail time for CEOs and board level management/directors if it is found that a company is materially mis-representing their financial position, or failing to adequately disclose risks. It is highly likely that there will be attempts at shareholder lawsuits in the wake of this incident, since investors will argue that they would not have invested in the company had they known about the poor security practices that led to the breach.

All of this takes this to the weird situation in which it is likely that other CEOs, CIOs, CTOs across corporate America would actually be encouraging the termination of these three Equifax executives. Their reason will be self-preservation. If these three decided to tough it out, their belligerence could easily be what is necessary to force a US legislator to propose tightening the laws in a way that increases the legal liability on directors and senior management of publicly traded companies. This is the very last thing that other CxOs want to see happen - so from their perspective the Equifax incident must "stop the rot". We could summarize their view as, "Don't tip the gravy train off the tracks... Go quiet for a couple of months and then someone will offer you some executive directorships..."

Amid the clamour demanding that "something must be done", a termination or resignation is going to infinitely preferable to jail time.

Lesson learned

[houghi]

You can screw over 143.000.000 people without any issue, but when you screw over a few people with insider trading info, you are going to jail.
Also see that asswipe that increased prices for medicine times 900. Steal from the poor, not an issue. Steal from the rich, we have laws against that.

But I guess that giving power and money to the 1% is the only alternative of not becoming a socialist, because that would be worse, right? (That was sarcasm)

Re:Did extent of damage finally sink into CEO's mi

[DarkOx]

None of that will happen none. This guy will quietly disappear to his multi-million dollar estate until the general public mostly forgets his name. After which point he will decide if he wants to come out of retirement or not, if he chooses to go back to work a buddy of his will invite him to buy into a seat on a board of directors somewhere where he can start drawing a nice salary and quickly recoup his investment in the stock he had to buy.

That is how this works. Enron was only different because it literally resulting in massive job losses localized to a few communities, and the lights had to be turned off in some buildings. Finally a bunch of public pensions got hit by that one. It was impossible for the public to ignore those things some nobles had to actually be sacrificed. Wont happen this time because nobody can really even show they were specifically damaged by these breaches.

Re:Did extent of damage finally sink into CEO's mi

[Kiuas]

Or worst case scenario in his POV, he realized might had nuclear-Armagaddoned the whole private / consumer Credit industry.

On a semi-related note as a non-American, I've always found the setup of the american credit rating system to be weird in the context of american individualism/consumer-culture. Like, I understand why these companies exist and why lenders want access to such data, but it's interesting to me that they're allowed to collect and maintain these databases and hand out information without any consent from the individuals. This to me goes very much against the principles of the free market, where the consumer himself should have control over which services he's using to handle his credit.

Here in Finland we have a credit rating system that works so that credit rating companies only collect information on failed payments. That's, there's no 'positive' credit rating score for anyone, only negative marks on those who've failed to pay and have had a court order for the debt to be collected, or who're over 60 days late on payment. Once the debts have been successfully collected the entry is deleted in 2-5 years and the person again has a 'clean' credit rating. Banks and financial institutions can and do always check these records when they're processing a loan/credit application, but any further info like monthly income etc. has to be provided for them by the customer via their bank/employer.

Of course this is slightly more tedious than the american system as in it takes more effort from the individual than the american model, but in so far as i can see this has 2 major benefits:
1) It avoids weak points like this Equifax thing when sensitive information is not stored en mass by private companies but rather remains in the control of the consumer
2) It doesn't encourage people to use credit as much. Granted, my understanding of the American model is limited, so I may be mistaken, but it's my understanding that in order to improve one's credit score in the US, many people buy stuff more on credit to get their score up even if they have money to pay out of pocket and could use a debit card.

A sensible credit raring system in my opinion should not be encouraging people to take debt so that they can take more debt in the future, nor should it place such sensitive and valuable information to the hands of 3rd parties without consent.