Following a security breach that exposed the credit information of 143 million people to hackers, it was revealed that Equifax Chief Information Security Officer Susan Mauldin was a music major in college.

Equifax, which is a credit reporting agency, hired Mauldin as their Chief Information Security Officer in 2013. Previously, Mauldin was the Senior Vice President and Chief Security Officer at First Data Corporation until 2013. Prior to that, she was also SunTrust Banks’ Group Vice President from 2007 to 2009.

How she got any of these positions, or the skillset required for them, is still an open question considering her educational background. According to her LinkedIn Mauldin did not have any technology or security credentials. Instead, she got a bachelor’s degree and a Master of Fine Art’s degree in music composition from the University of Georgia.

There’s been virtually no coverage of Mauldin’s credentials following the security breach but, as ZeroHedge has pointed out, Equifax scrubbed Mauldin’s LinkedIn and took down videos and podcasts with her. Since then, Mauldin has resigned from her position as Equifax’s CISO.

Could this all have been done in an attempt to hide that the individual that Equifax put in charge of protecting 143 million American’s credit information was an affirmative action hire meant to meet some quota?

That still remains to be seen, though we do know that Equifax, like most other major corporations, has diversity programs in place – indicating that their hiring process may also put a premium on women and racial minorities over white men. This is supported by the fact that the security breach and the handling of it since then both indicate that Susan Mauldin had no idea what she was doing.

As Lily Hay Newman at Wired and security journalist Brian Krebs have documented, Equifax committed an embarrassing series of mistakes that led to the security breach and then left multiple vulnerabilities in the following months.

The breach itself happened because Equifax was using an old web application that had not been updated – despite the fact that a security update that would have prevented the breach was made available two months prior to the incident. Following the breach, Equifax took six weeks to notify the public that it had occurred. Then, they set up a web portal for handling credit disputes with the username of “admin” and the password of… you guessed it, also “admin.”

But hey – diversity is our greatest strength, right?