Beleaguered Equifax, the credit-reporting company that let criminals access Americans’ most-sensitive personal information, has turfed two high executives as a result of the data breach.
Meanwhile, it’s been revealed that the hackers used a vulnerability that Equifax knew about or should have known about before the breach occurred.
On Sept. 15, the company announced that chief information officer David Webb was retiring, with Mark Rohrwasser appointed as interim CIO.
Also retiring was chief security officer Susan Maulden. Russ Ayres, who had been vice-president of IT for the company, is taking her place as interim CSO, the firm said.
Get tech news in your inbox weekday mornings. Sign up for the free Good Morning Silicon Valley newsletter.
The shakeup followed the revelation Sept. 7 that personal information for up to 143 million Americans had been accessed by criminal hackers, with exposed data including names, Social Security numbers, birth dates and addresses — enough for identity thieves to loot bank accounts and take credit out in other people’s names, experts have said.
Since the breach, cybersecurity folks have savaged Equifax over its security processes, and now Maulden is in critics’ sites.
The former CSO, it appears, may have had unusual qualifications for the job, if reports are to be believed.
“When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security,” MarketWatch columnist Brett Arends wrote Sept. 15.
“And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin’s lack of educational qualifications since the data breach became public.”
Before Mauldin apparently made the details of her LinkedIn profile private, the online CV showed her to have an educational background somewhat surprising for a top cybersecurity officer at a firm that hoards citizens’ most valuable personal data, reports indicate.
Online magazine Hollywood LA News published what purported to be a screenshot of Mauldin’s LinkedIn page before it was stripped of details. The screenshot shows Mauldin having bachelor’s and master’s degrees in music composition from the University of Georgia. For jobs before the CSO position at Equifax, positions as a “professional” are listed at First Data Corporation, SunTrust Bank and Hewlett-Packard.
The latest version of what appears to be her LinkedIn profile just has the initials M.S., with education details removed, though her “interests” include Equifax and HP Alumni.
Arends wrote that “tech-savvy blogs” had determined that after the breach was made public, “someone began to scrub the internet of information about Mauldin.
“Her LinkedIn page was made private,” he wrote. “Two videos of interviews with Mauldin have been removed from YouTube. A podcast of an interview has also been taken down.”
Equifax said Sept. 13 that the hackers got in through a vulnerability in the “Apache Struts” web application framework. On Sept. 14, the owner of that framework, Apache Struts, noted on Sept. 14 that it had patched and announced the vulnerability on March 7. Equifax has said the breach started in May.
Tags: David Webb, Equifax, Mark Rohrwasser, Richard Smith, Russ Ayres, Susan Mauldin