Equifax boss leaves after data breach

image copyrightEPA
image captionEquifax's share price has fallen by more than a third since the data breach

US credit report giant Equifax has announced that its chairman and chief executive, Richard Smith, is stepping down with immediate effect.

The move comes as Equifax struggles to rebuild its reputation after it emerged earlier this month that the firm had suffered a massive data breach.

Data on up to 143 million Americans may have been stolen by hackers between mid-May and July.

About 400,000 Britons and a number of Canadians were also affected.

The company said Paulino do Rego Barros, who currently runs the firm's Asia Pacific division, would take over as interim chief executive, while Mark Feidler would serve as non-executive chairman.

Mr Smith said: "At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward."

Equifax said it would undertake a search for a new permanent chief executive, looking at candidates from inside and outside the firm, while Mr Smith had agreed to stay on as an unpaid adviser during the transition.

Chief information officer David Webb and chief security officer Susan Mauldin departed shortly after the firm disclosed the breach.

Equifax faces dozens of legal claims over the breach, which the US Federal Trade Commission is investigating.

Social security numbers, birth dates, addresses and driving licence numbers for up to 143 million Americans were exposed, the Atlanta-based firm has said.

Credit card numbers for about 209,000 Americans and "certain dispute documents with personal identifying information" for some 182,000 Americans were also accessed by the hackers.

Lenders use data amassed by firms like Equifax to assess the credit worthiness of customers seeking to acquire houses, cars and credit cards.

Equifax holds data on more than 820 million consumers as well as information on 91 million businesses.

Senators said the incident shows the need for stronger rules on what companies must disclose about cyber attacks.

They also asked if the Securities and Exchange Commission would take action against executives who sold Equifax stock after the breach was discovered but before the public was informed.

Equifax has said previously the executives in question were not aware of the breach when the sales occurred.

Speaking before a Senate panel on Tuesday, SEC Chair Jay Clayton said it is policy not to confirm or deny investigations, but added: "I'm not ignoring this or other events like it."

More on this story