Stories
Slash Boxes
Comments

SoylentNews is people

Equifax CIO, CSO “Retire” in Wake of Huge Security Breach

posted by Fnord666 on Monday September 18 2017, @09:41AM   Printer-friendly
from the retired-or-fired dept.

MrPlow writes:

Submitted via IRC for SoyCow5743

On Friday, Equifax announced that two top executives would be retiring in the aftermath of the company's massive security breach that affected 143 million Americans.

According to a press release, the company said that its Chief Information Officer, David Webb, and Chief Security Officer, Susan Mauldin, would be leaving the company immediately and were being replaced by internal staff. Mark Rohrwasser, who has lead Equifax's international IT operations, is the company's new interim CIO. Russ Ayres, who had been a vice president for IT at Equifax, has been named as the company's new interim CSO.

The notorious breach was accomplished by exploiting a Web application vulnerability that had been patched in early March 2017.

However, the company's Friday statement also noted for the first time that Equifax did not actually apply the patch to address the Apache Struts vulnerability (CVE-2017-5638) until after the breach was discovered on July 29, 2017.

Source: https://arstechnica.com/tech-policy/2017/09/equifax-cio-cso-retire-in-wake-of-huge-security-breach/

Also at https://www.bleepingcomputer.com/news/security/equifax-releases-new-information-about-security-breach-as-top-execs-step-down/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Equifax CIO, CSO “Retire” in Wake of Huge Security Breach | Log In/Create an Account | Top | 47 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Interesting) by Anonymous Coward on Monday September 18 2017, @11:53AM (3 children)

    by Anonymous Coward on Monday September 18 2017, @11:53AM (#569707)

    Shouldn't Equifax just go bankrupt from lawsuits and fines from mishandling PII? Then there would be no money/benefits to give the executives.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Total Score:   1  

  • (Score: 5, Insightful) by bradley13 on Monday September 18 2017, @12:00PM (2 children)

    by bradley13 (3053) Subscriber Badge on Monday September 18 2017, @12:00PM (#569709) Homepage Journal

    "Shouldn't Equifax just go bankrupt from lawsuits and fines from mishandling PII? Then there would be no money/benefits to give the executives."

    CxO types take care of each other. Bet that they already have the bonuses, and I wouldn't be surprised if they have vested (i.e. fully-funded) pensions, probably unlike the rest of the Equifax employees.

    Ah, stocks, that may hang some of them. It appears that some of the top-level execs were trying to sell their stocks before the SHTF. Which is called insider trading, and jail terms would be well-deserved pour le encourage les autres.

    --
    Everyone is somebody else's weirdo.

    • (Score: 0) by Anonymous Coward on Monday September 18 2017, @07:52PM

      by Anonymous Coward on Monday September 18 2017, @07:52PM (#569885)

      Bet that they already have the bonuses, and I wouldn't be surprised if they have vested (i.e. fully-funded) pensions

      Claw back. [zerohedge.com]

    • (Score: 1, Redundant) by frojack on Wednesday September 20 2017, @07:27PM

      by frojack (1554) Subscriber Badge on Wednesday September 20 2017, @07:27PM (#570818) Journal

      It appears that some of the top-level execs were trying to sell their stocks before the SHTF.

      ALL the top level execs and board members sell their bonus stock routinely.

      They have their portfolio manager sell on a schedule that doesn't change. The exec is hands off of his own-company stock.

      Every change requires another federal form be filled out.
      Every scheduled sale requires a federal form.

      http://www.investopedia.com/articles/stocks/05/042605.asp [investopedia.com]

      Finally, be careful about placing too much stake in insider trading since the documents reporting them can be hard to interpret. A lot of Form 4 trades do not represent buying and selling that relate to future stock performance. The exercise of stock options, for instance, shows up as both a buy and a sell on Form 4 documents, so it is a dubious signal to follow. Automatic trading is another activity that is hard to interpret - to protect themselves from lawsuits, insiders set up guidelines for buying and selling, and leave the execution to someone else. SEC Form 4 documents disclose these hands-off insider transactions, but they don't always state that the sales were scheduled far ahead of time.

      It goes without saying that the FTC looks into this every time there is an "event" at any company. It goes without saying that the press jumps on this without even
      bothering to check with the FTC, because they know its automatic.
      99.99% of the time nothing is found that is not routine and pre-scheduled.
      99.999% of the time some fools screams INSIDER TRADING.

      --
      No, you are mistaken. I've always had this sig.