Equifax CIO, CSO “retire” in wake of huge security breach


Enlarge / A monitor shows Equifax Inc. signage on the ground of the New York Stock Exchange (NYSE) in New York, US, on Friday, Sept. 15, 2017.

Michael Nagle/Bloomberg through Getty Images

On Friday, Equifax introduced that two prime executives could be retiring within the aftermath of the corporate’s huge safety breach that affected 143 million Americans.

According to a press launch, the corporate mentioned that its Chief Information Officer, David Webb, and Chief Security Officer, Susan Mauldin, could be leaving the corporate instantly and have been being changed by inner employees. Mark Rohrwasser, who has lead Equifax’s worldwide IT operations, is the corporate’s new interim CIO. Russ Ayres, who had been a vp for IT at Equifax, has been named as the corporate’s new interim CSO.

The infamous breach was achieved by exploiting a Web utility vulnerability that had been patched in early March 2017.

However, the corporate’s Friday assertion additionally famous for the primary time that Equifax didn’t truly apply the patch to deal with the Apache Struts vulnerability (CVE-2017-5638) till after the breach was found on July 29, 2017.

As Ars reported earlier within the week, Apache Struts is a framework for growing Java-based apps that run each front-end and back-end Web servers. It is relied on closely by banks, authorities businesses, massive Internet firms, and Fortune 500 firms. Experian, one of many three huge credit score reporting companies, and annualcreditreport.com, which offers free credit score experiences, each reportedly depend on Apache Struts as effectively.

“While Equifax fully understands the intense focus on patching efforts, the company’s review of the facts is still ongoing,” the press launch continued. “The company will release additional information when available.”

Leave a Reply