Equifax's top cybersecurity officers retire 'effective immediately

Elizabeth Weise | USA TODAY

SAN FRANCISCO — Equifax announced Friday afternoon its chief information officer, Susan Mauldin, and chief security officer, David Webb are retiring "effective immediately."

The departure of the two senior security professionals, charged with overseeing the credit reporting firm's defenses against hacks, follows the disclosure last week that hackers may have stolen personal data on 143 million of its U.S. customers, plus credit cards and personal identifying information for 400,000.

Webb is 61 and in 2016 received $2.56 million in compensation, according to Reuters.

Mauldin was chief security officer at the company, one of the nation's three largest credit reporting firms, from 2013 until Friday. By Friday afternoon her name had disappeared from the company's website and her LinkedIn page only showed her first name and the initial of her last name, with her place of work listed as "private."

The breach happened because Equifax security staff failed to promptly install a security fix to a flaw found in a web application tool used by many major corporations, the industry group that oversees the open-source software said earlier this week .

Hackers took advantage of a window when the flaw was known but not fixed, which lasted two months, to penetrate the company's digital defenses.

Equifax faces at least 23 proposed class-action lawsuits over the breach and a federal probe from two agencies. Its stock has lost more than a third of its value since the breach was disclosed.

The company’s interim chief information office will be Mark Rohrwasser, Equifax said. Its interim chief security officer will be Russ Ayres.

Prior to his new position, Rohrwasser led Equifax’s International IT operations. Ayres was vice president of the IT organization.

"The personnel changes are effective immediately," the company said in a statement.

More: Equifax data breach: Elizabeth Warren calls for probe of hack, consumer data security

More: Equifax data breach: What you need to know about hacking crisis