Updated at 9:54 a.m. ET
Equifax Chairman and CEO Richard F. Smith is retiring, the credit reporting agency announced Tuesday. The news comes just weeks after the company said a massive data breach exposed the personal information of up to 143 million people.
At the time, the company also acknowledged it had waited more than a month to alert people to the breach, which potentially gave hackers access to U.S. consumers’ names, social security numbers, addresses, birth dates — and, for some people, their credit card information, as well.
“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right,” Smith said in a statement Tuesday. “At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward.”
His retirement is effective immediately.
As NPR’s Alina Selyukh noted, the fact of the data breach is not the only controversy swirling around Equifax:
“The credit reporting company has said that it discovered “unauthorized access” to its systems on July 29,” Alina reported earlier this month. “Regulatory filings show the three Equifax executives — Chief Financial Officer John Gamble, U.S. Information Solutions President Joseph Loughran and Workforce Solutions President Rodolfo Ploder — completed stock sales on Aug. 1 and 2.”
The agency denies these executives knew about the data breach “at the time they sold their shares.”
Added to this revelation was another reported by NPR’s Merrit Kennedy: In the days following its acknowledgment of the incident, the company at several times directed concerned consumers to a fake phishing site set up by one of its engineers.
The move — apparently an attempt to “educate people rather than steal their information,” Merrit adds — nevertheless elicited further criticism over how Equifax was responding to the massive incident.
“I recommend companies direct people to a site that is trusted and part of their main domain, in order to make sure that something like this doesn’t happen,” Tarah Wheeler, a cybersecurity consultant at Red Queen Technologies, told NPR last week.
“We are working intensely to support consumers and make the necessary changes to minimize the risk that something like this happens again,” board member Mark Feidler said of the data breach in a statement Tuesday.
“Speaking for everyone on the Board, I sincerely apologize. We have formed a Special Committee of the Board to focus on the issues arising from the incident and to ensure that all appropriate actions are taken.”