Stories
Slash Boxes
Comments

SoylentNews is people

Equifax CIO, CSO “Retire” in Wake of Huge Security Breach

posted by Fnord666 on Monday September 18 2017, @09:41AM   Printer-friendly
from the retired-or-fired dept.

MrPlow writes:

Submitted via IRC for SoyCow5743

On Friday, Equifax announced that two top executives would be retiring in the aftermath of the company's massive security breach that affected 143 million Americans.

According to a press release, the company said that its Chief Information Officer, David Webb, and Chief Security Officer, Susan Mauldin, would be leaving the company immediately and were being replaced by internal staff. Mark Rohrwasser, who has lead Equifax's international IT operations, is the company's new interim CIO. Russ Ayres, who had been a vice president for IT at Equifax, has been named as the company's new interim CSO.

The notorious breach was accomplished by exploiting a Web application vulnerability that had been patched in early March 2017.

However, the company's Friday statement also noted for the first time that Equifax did not actually apply the patch to address the Apache Struts vulnerability (CVE-2017-5638) until after the breach was discovered on July 29, 2017.

Source: https://arstechnica.com/tech-policy/2017/09/equifax-cio-cso-retire-in-wake-of-huge-security-breach/

Also at https://www.bleepingcomputer.com/news/security/equifax-releases-new-information-about-security-breach-as-top-execs-step-down/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Equifax CIO, CSO “Retire” in Wake of Huge Security Breach | Log In/Create an Account | Top | 47 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by frojack on Wednesday September 20 2017, @07:45PM (1 child)

    by frojack (1554) Subscriber Badge on Wednesday September 20 2017, @07:45PM (#570825) Journal

    Not sure missing one machine in your company wide patch program rises to the level of a crime.

    Who died here?
    Who was actually hurt?
    Who won't be protected against credit fraud?

    You do know that Equifax has their own Credit Monitoring Service [equifax.com] right?
    Oh, you don't trust Equifax any more? Fine. Equifax will hire Experian [experian.com] for your account. All free to you.

    Oh, don't get me wrong, Equifax will pay. They will pay everybody. This will cost big time. But I wager, Ma and Pa Sixpack are never going to lose a dime because of this. Just like nobody lost any money on the Target breach, except Target [thesslstore.com].

    --
    No, you are mistaken. I've always had this sig.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Thursday September 21 2017, @02:54PM

    by Anonymous Coward on Thursday September 21 2017, @02:54PM (#571172)

    And because all of this, there was no display of severe incompetence, nor was it the case that it is just plain *wrong* for others to hold data about you that you have no insight into?
    Gotcha!