Two Equifax executives are retiring only eight days after the credit reporting firm was hacked, leading to the data leak of nearly half of the U.S. population, the company announced on Friday.
Chief Information Officer David Webb is retiring and will be replaced by Mark Rohrwasser, who has lead Equifax’s IT operations since joining the company in 2016. Chief Security Officer Susan Mauldin is also on her way out. Mauldin is being replaced by Russ Ayres, an Equifax VP of IT.
Equifax’s hack compromised the data of 143 million Americans, and included critical personal information, including social security numbers, birth dates, and addresses. An additional 209,000 U.S. consumers had their credit card information leaked. The company spotted the breach on July 29, more than a month before it announced the hack to the public.
The leaked data is a treasure trove for cybercriminals, who are able to sell identities for between $5 and $30 on the black market, according to cybersecurity expert Mark Nunnikhoven.
“These identity documents can be used in real-world identity theft,” Nunnikhoven told TheWrap. “So if you print up a fake social security card and walk into a bank that the originator of that social security number has never done business with, you can easily open an account in their name and be them for all intents and purposes.”
The bad optics were only exacerbated on Thursday, when Equifax revealed it had failed to patch a void in its security system — despite the patch being available for months before the breach. Equifax said its system was hit between mid-May and July.
Wall Street has hammered Equifax in the last week, with its shares cratering more than 33 percent — from about $143 to $93 since the hack was made public.
Salvation doesn’t appear on the horizon for Equifax, either. Dozens of lawsuits have already been filed against the company, and nearly 40 states are investigating the hack. The Federal Trade Commission and Congress are looking into it, too, with Equifax CEO Richard Smith set to testify before the House of Representatives on Oct. 3.