Slashdot Mirror
Equifax CEO Steps Down Amid Hacking Scandal (cnbc.com)
An anonymous reader quotes a report from CNBC: Richard Smith, CEO and chairman of Equifax, abruptly retired Tuesday following a data breach at the credit-reporting service that affected the personal information of 143 million people. Smith, who was 57 as of the company's proxy statement in March, became CEO and chairman in 2005 after 22 years at General Electric in senior roles in various divisions. He is to appear at a hearing of the Senate Banking Committee on Oct. 4 and is the only person scheduled to testify. He is also scheduled to testify next week at a hearing of the House Energy and Commerce Committee. Smith's salary for 2016 was $1.45 million and his bonus was $3.045 million. In a regulatory filing on Tuesday, the company said Smith will not get a bonus for this year and any other decisions regarding how his departure has been characterized or how much the company owes him will be deferred until the board completes an independent review of the breach and the response to it. In a separate report, CNBC notes that Smith could walk away with at least $18.4 million in pension benefits. The company is looking for a new CEO, naming its Asia-Pacific head to take on the interim CEO role.
And last week he was still clinging on by throwing their CIO and CSO under the bus. Given the multiple instances of criminally neglient way Equifax handle the aftermath and violation of basic security principles would it be that he finally comprehended the extent of their screw up?
It's not unlikely that entitled CEOs with his Ivory Tower buddies thought at first that this "PR Disaster" could be solved by a few fall guys, maybe a statement of non-apology or two, a free website and threw in some freebie reporting (that costs Equifax almost zero marginal cost) and he could ride out this 6-12 months.
Perhaps he finally grasped that at best, the company is ruined. It is probable that a few person (perhaps even CxO level) is going to jail like Enron execs - the fiduciary duty to 143 million people are even heavier that that of Enron, it's virtually any and all USA working people with a minimal "economic participartion".
Or worst case scenario in his POV, he realized might had nuclear-Armagaddoned the whole private / consumer Credit industry. After virtually all economically active people in the USA has been compromised there are little ways for any agencies to vet credit worthiness anymore at a low cost way for numerous years. Then the damage flow down to all Financial institutions (who can'teven know who is who and can't decide whether to even do business with eager customers) and to less extent, all employers and other individuals (like landlords), and the whole financial market will either need a total overhaul or suffer a meltdown............ Possibly a total overhaul AFTER meltdown. At that point, he should fear for his life and flee... cough I mean retire to a tropical island and stepping down from CEO and fleeing from the burning house known as Equifax is a prudent start.
For those people not actually serving on the board [or boards] of a top multinational company, the environment experienced [enjoyed?] by those at the top will be utterly alien. Like high political office, the principle motivators are going to be power and money - and as much of both as possible.
When the news of the breach became public, the Board of Directors likely knew that there would be scalps. It is not clear if the trading of shares by some of their number [between the breach being discovered and being made public] was common knowledge or not.
However, we should not be surprised to see the Chief Executive ask the CIO and CSO to step down. The aim of anyone operating at a CxO or board level is to minimise disruption. The more executives that get fired, the worse the message being sent to shareholders and clients - something which will directly impact the CEO in their pocket, because, of course, they are major shareholders thanks to their "packages"...
So although it looks to us, from the outside, as though the CEO threw two of his former colleagues "under the bus" [and I am sure there are cases where office politics makes that the expedient thing to do] there is an equal chance that they were simply trying to protect themselves. When the decision to fire these two former colleagues was made, the CEO was obviously hoping that they could weather the storm and continue to collect their fat pay check for a bit longer. In fact - given the nature of megalomania that seems to infect board rooms these days, they were no doubt planning how to use this to their advantage by demanding "stretch objectives" tied to their next bonus that included strengthening their IT and Security disciplines - which they would then claim to have achieved by simply hiring someone else...
Lastly, the final possible reason for the CEO asking for these resignations / firing these former colleagues, is to try and head off any form of criminal sanction. If we remember back to the accounting scandals at Enron, the scale of the malpractice there was sufficient for the Sarbanes-Oxley act to be introduced. This act includes provisions for mandatory jail time for CEOs and board level management/directors if it is found that a company is materially mis-representing their financial position, or failing to adequately disclose risks. It is highly likely that there will be attempts at shareholder lawsuits in the wake of this incident, since investors will argue that they would not have invested in the company had they known about the poor security practices that led to the breach.
All of this takes this to the weird situation in which it is likely that other CEOs, CIOs, CTOs across corporate America would actually be encouraging the termination of these three Equifax executives. Their reason will be self-preservation. If these three decided to tough it out, their belligerence could easily be what is necessary to force a US legislator to propose tightening the laws in a way that increases the legal liability on directors and senior management of publicly traded companies. This is the very last thing that other CxOs want to see happen - so from their perspective the Equifax incident must "stop the rot". We could summarize their view as, "Don't tip the gravy train off the tracks... Go quiet for a couple of months and then someone will offer you some executive directorships..."
Amid the clamour demanding that "something must be done", a termination or resignation is going to infinitely preferable to jail time.