Equifax purges high execs, including security chief with two music degrees: reports

Beleaguered Equifax, the credit-reporting company that let criminals access Americans’ most-sensitive personal information, has turfed two high executives as a result of the data breach.

Meanwhile, it’s been revealed that the hackers used a vulnerability that Equifax knew about or should have known about before the breach occurred.

On Sept. 15, the company announced that chief information officer David Webb was retiring, with Mark Rohrwasser appointed as interim CIO.

Also retiring was chief security officer Susan Maulden. Russ Ayres, who had been vice-president of IT for the company, is taking her place as interim CSO, the firm said.

Get tech news in your inbox weekday mornings. Sign up for the free Good Morning Silicon Valley newsletter.

The shakeup followed the revelation Sept. 7 that personal information for up to 143 million Americans had been accessed by criminal hackers, with exposed data including names, Social Security numbers, birth dates and addresses — enough for identity thieves to loot bank accounts and take credit out in other people’s names, experts have said.

Since the breach, cybersecurity folks have savaged Equifax over its security processes, and now Maulden is in critics’ sites.

The former CSO, it appears, may have had unusual qualifications for the job, if reports are to be believed.

“When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security,” MarketWatch columnist Brett Arends wrote Sept. 15.

“And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin’s lack of educational qualifications since the data breach became public.”

Before Mauldin apparently made the details of her LinkedIn profile private, the online CV showed her to have an educational background somewhat surprising for a top cybersecurity officer at a firm that hoards citizens’ most valuable personal data, reports indicate.

Online magazine Hollywood LA News published what purported to be a screenshot of Mauldin’s LinkedIn page before it was stripped of details. The screenshot shows Mauldin having bachelor’s and master’s degrees in music composition from the University of Georgia. For jobs before the CSO position at Equifax, positions as a “professional” are listed at First Data Corporation, SunTrust Bank and Hewlett-Packard.

The latest version of what appears to be her LinkedIn profile just has the initials M.S., with education details removed, though her “interests” include Equifax and HP Alumni.

Arends wrote that “tech-savvy blogs” had determined that after the breach was made public, “someone began to scrub the internet of information about Mauldin.

“Her LinkedIn page was made private,” he wrote. “Two videos of interviews with Mauldin have been removed from YouTube. A podcast of an interview has also been taken down.”

Equifax said Sept. 13 that the hackers got in through a vulnerability in the “Apache Struts” web application framework. On Sept. 14, the owner of that framework, Apache Struts, noted on Sept. 14 that it had patched and announced the vulnerability on March 7. Equifax has said the breach started in May.

“The Equifax data compromise was due to their failure to install the security updates provided in a timely manner,” Apache said. 

Image: Internet hacking (Creative Commons/Max Pixel)


Tags: , , , , ,


Share this Post

  • Every hour makes simply from $140 to $155 simply by performing from home employing a desktop computer or portable computer and simply work for three to four hrs each day as i arrived last four weeks $15862 from this. I am a full time college student and just working on this for 2 to 3 hrs a day. Every person can now get extra cash online by just Check Web link by clicking on my name.


  • Kefauver

    As someone posted on my Facebook feed, at least when Equifax does the song and dance about how this happened, it shouldl be in tune and well choreographed.

  • elkhornsun

    I have wondered about the incompetence of our military and its internal security when men such as Manning and Snowden are able to walk out of a building with gigabytes of data on their person. Equifax is only the most recent company to show no regard for data security. No way a single breach should enable ANYONE to access millions of records on a company’s servers. It shows that there has been no partitioning of the network whatever.

    I doubt many people are aware that when the credit companies gave in to allowing individuals to freeze access to their credit information that this also included in the legislation a get out of jail free for these companies. They are not liable unless the victims can prove malicious intent. Shear incompetence is not enough to get recourse.