The CEO of credit data agency Equifax has quit after hackers stole private information about more than 143 million people, potentially exposing them to identity theft.
Richard Smith, who had helmed the credit report and credit score company for nearly 12 years, would retire, Equifax announced on Tuesday.
His resignation follows that of the company’s chief security and chief technology officers on September 15.
On September 7, Equifax revealed private details about more than 143 million Americans and 100,000 Canadians had been exposed to hackers. UK customers were also affected.
The disclosure came six weeks after the breach of its systems in late July, and Equifax was reported to have known about a vulnerability in its security since at least March.
Three executives, including Equifax’s chief financial officer, sold their company stock in August; however, Equifax said those execs had no knowledge of the hacking at the time.
On September 19, Equifax Canada said it believed hackers may have had access to personal information about 100,000 Canadians, including their name, address, Social Insurance Number and some credit card numbers.
The company said it discovered the unauthorized access on July 29 “and acted immediately to stop the intrusion”, then engaged an independent cybersecurity firm to carry out a forensic review to determine what data may have been accessed or stolen.
The company said it would notify impacted customers via mail about what steps they should take, and would prove them with 12 months of complimentary credit monitoring and identity theft protection.
"We apologize to Canadian consumers who have been impacted by this incident," said Lisa Nelson, president and general manager of Equifax Canada.
"We understand it has also been frustrating that Equifax Canada has been unable to provide clarity on who was impacted until the investigation is complete. Our focus now is on providing impacted consumers with the support they need."
It urged Canadian consumers to review their account statements and credit reports, and to report any unauthorized activity to their financial institution.
Avoid ‘check-the-box compliance’ when it comes to cybersecurity
What exactly is causing the data breaches at your company?