Advertising Read more

San Francisco (AFP)

Equifax said Friday that two executives entrusted with watching over its computers are retiring, their departures coming after its maligned handling of a major hack at the credit reporting agency.

The Equifax chief information officer and head of security will retire, effective immediately, as "part of the company's ongoing review of the cybersecurity incident" that resulted in personal data of 143 million customers being stolen by hackers.

An internal investigation into the hack continues and the company is working with the FBI, according to Equifax.

Word that top executives responsible for defending Equifax computer systems are out came on the same day that the Canadian privacy commissioner announced an investigation into the massive theft of personal data from the US credit agency.

"The investigation is a priority for our office given the sensitivity of the personal information that Equifax holds," the office of the privacy commission of Canada said in a release.

A senior US senator this week asked the Federal Trade Commission, one of the few bodies with oversight powers over loosely-regulated credit raters, to examine Equifax's security practices and its "widely-panned response" to consumers potentially impacted by the breach.

Senator Mark Warner, a member of the powerful Senate Banking Committee, accused the company of "exceptionally poor cybersecurity practices" that continued even after the hack became known.

He also said the company's woeful response to people whose data may have been lost -- including trying to charge them for protection -- was "alarming".

"The volume and sensitivity of the data potentially involved in this breach raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialize."

Equifax is one of the three major firms which collect consumers' financial data in order to rate their credit-worthiness to banks, home sellers, auto sellers and others who depend on consumer credit in marketing.

The data the company admitted to losing on September 7 includes people's names, social security numbers, addresses, credit card numbers, and other financial details.

Such data is often used by criminals to steal people's identities for financial gain.

US officials are investigating the data hack but have not revealed if they know who was behind it, though foreign hackers are widely suspected.

The breach took place from mid-May through July 2017 via a website application vulnerability that US cyber security companies say they had identified in March.

Congress has expressed outrage at the hack and the company's management of it. Particular anger has been aimed at allegations that three Equifax officials sold their stock in the company before the hack was made public.

© 2017 AFP