Key security executives leaving Equifax after security breach
The company announced that its chief information officer and chief security officer would be retiring.
The retiring of now-former CSO Susan Mauldin and CIO Dave Webb comes a week after Equifax announced a breach of data for about 143 million U.S. consumers, including their names, Social Security numbers, birth dates, addresses and, for some, driver's license numbers.
Equifax released additional information about the breach, saying it was detected on July 29 when suspicious network traffic was detected, and then blocked, on the company's dispute web portal. The next day, suspicious activity was detected again and the company took the affected web application offline.
Equifax said a review of the incident led to discovery of a vulnerability in the Apache Struts web application framework, which was patched before being put back online.
On August 2, Equifax also contracted the cybersecurity firm Mandiant. Over the course of a month, Mandiant identified the unauthorized activity on Equifax's network, revealing how many of its clients' data had been compromised.
The company said that, in addition to the changes of CSO and CIO, it continues to explore ways to improve its security. ■