Credit scoring company Equifax announced on Friday evening that its chief information officer and chief security officer “are retiring” in the wake of a breach which exposed the personal details of up to 143 million US and 400,000 UK consumers.
The statement came on a day when Equifax’s share price continued to slide following a week of relentless criticism over its response to the data breach.
US politicians, regulators and consumers have complained that Equifax’s response to the breach, which exposed sensitive data like social security, had been slow, inadequate and confusing.
Equifax said that Susan Mauldin, chief security officer, and David Webb, chief information officer, were retiring.
The company named Mark Rohrwasser as interim chief information office and Russ Ayres as interim chief security officer.
Rohrwasser has led the company’s international IT operations, and Ayres was a vice president in the IT organization.
The company also confirmed that Mandiant, the threat intelligence arm of the cyber firm FireEye, has been helping investigate the breach. It said Mandiant was brought in on 2 August after Equifax’s security team initially observed “suspicious network traffic” on 29 July.
Equifax UK said in a statement: “Regrettably the investigation shows that a file containing UK consumer information may potentially have been accessed. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016.
“The information was restricted to: Name, date of birth, email address and a telephone number and Equifax can confirm that the data does not include any residential address information, password information or financial data.
“Having concluded the initial assessment Equifax has established that it is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them.”
In the US, Equifax has hired public relations companies DJE Holdings and McGinn and Company to manage its response to the hack, PR Week reported.
The company’s share price has fallen by more than a third since it disclosed the hack on 7 September, closing on Friday at $92.98.