Richard F. Smith, the CEO and chairman of Equifax, stepped down on Tuesday in the wake of the cyberbreach that exposed the private data of 143 million people, inciting public outcry against the credit reporting agency for its lax security measures and its mishandling of the fallout.
“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right. At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” Smith said in the press release announcing his retirement.
Smith joined Equifax as CEO in 2005, after 22 years at General Electric. Before the scandal, Smith was hailed for increasing the company’s revenue—from $1.4 billion the year he took charge to $3.1 billion last year. He is scheduled to testify before the Senate Banking Committee and a special House panel concerning the hack next week.
It’s understandable for Smith to assume he’s lost his customers’ trust, considering everything that went awry under his watch. Equifax found that its consumer website had been breached on July 29; data had been exposed since mid-May. Yet the company waited for six weeks after the discovery before alerting the public. Chief Financial Officer John Gamble, along with two other executives, sold $1.8 million worth of Equifax shares after the breach was internally discovered but before it was publicly disclosed. The executives denied knowledge of the issue at the time that they completed their sales.
The hackers were able to break in because of a bug in the Apache software that Equifax uses for its website. The Apache Software Foundation encouraged users to patch the software back in March, but Equifax failed to do so until after the breach. Hackers could have had access to names, birthdays, addresses, Social Security numbers, driver’s license numbers, and credit card information.
Paulino do Rego Barros Jr., president of Equifax’s Asia Pacific operations, has been appointed as the interim CEO. The company is looking at internal and external candidates for a more permanent replacement. Smith will act as an unpaid adviser for 90 days to ensure a smooth transition. The details of his retirement package are currently unclear. But he’s not receiving a bonus for 2017, one of the few sensible decisions Equifax has made in recent weeks.