Equifax CEO Richard Smith steps down after hack

(Bloomberg) - Equifax Inc. Chief Executive Officer Richard Smith stepped down, joining other senior managers who left the credit-reporting company in the wake of an uproar over the theft of private data on 143 million Americans.

Smith will be replaced on an interim basis by Paulino do Rego Barros Jr., 61, a seven-year company veteran who was most recently president of the Asia-Pacific region, the Atlanta-based firm said Tuesday in a statement. Board member Mark Feidler, a former BellSouth Corp. president, was named nonexecutive chairman.

"The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right," Smith said in the statement. "At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward."

Equifax has drawn outrage from lawmakers and scrutiny from regulators since Sept. 7, when it disclosed one of the biggest cyberattacks in history. Hackers stole sensitive data - including Social Security numbers, birth dates and other identifying information - for much of the adult U.S. population. Smith will still testify before Congress next week about the breach, Equifax spokeswoman Ines Gutzmer said in an email.

See also: Equifax must answer questions despite CEO retirement: Waters

Senator Mark Warner, a Virginia Democrat, called Equifax "a travesty" during a Senate hearing on Tuesday, saying Smith's resignation "is by no means enough." Senator Brian Schatz of Hawaii said the company needs to be held responsible for its actions.

"A CEO walking out the door just days before he is to appear before Congress is an abdication of his responsibility," Schatz, a Democrat, said in a statement.

Jaret Seiberg, a Cowen & Co. LLC analyst, said Smith's immediate departure could be a "political positive" for Equifax, compared with him leaving under pressure after the hearings.

Equifax shares fell 1.3 percent to $103.68 at 11:33 a.m. in New York and have tumbled 27 percent since the hack was announced. Smith's departure is an "incremental negative," SunTrust Robinson Humphrey analyst Andrew Jeffrey said in a note to investors.

"Rick Smith has been integral to Equifax's impressive decade-plus long growth," said Jeffrey, who has a buy rating on the stock. "We would have liked to see him weather this storm."

Smith has $18.4 million in retirement benefits and could stand to get millions of dollars more, including lifetime health coverage, according to a regulatory filing. A decision about how much he will receive will be deferred until the board completes its review of the breach, the company said Tuesday in an updated filing. He won't get a bonus for fiscal 2017.

Return Pay

Senator Elizabeth Warren, a Massachusetts Democrat, called on Smith and other Equifax executives to return some compensation and said Barros and Feidler should also testify before Congress.

"It's not real accountability if the CEO resigns without giving back a nickel in pay and without publicly answering questions," Warren said in a statement.

Barros, who joined Equifax in 2010, was previously head of U.S. Information Solutions, the company's largest unit. Before joining the credit-reporting firm, he was founder and president of PB & C - Global Investments and earlier was president of global operations for AT&T Inc.

Smith, who will remain as an unpaid adviser to the company, isn't the first executive to leave in the wake of the disclosure. The firm's chief information and chief security officers departed as of Sept. 15, the company said in a statement that didn't identify the executives. David C. Webb, who joined the firm in January 2010, was previously chief information officer, according to an annual regulatory filing in February. Susan Mauldin had been chief security officer, according to her professional profile on LinkedIn and an Equifax news release from 2015.

GE Alumn

Mark Rohrwasser was named interim CIO and Russ Ayres was appointed interim CSO, reporting to Rohrwasser, according to the Sept. 15 statement.

Smith joined Equifax as CEO in 2005 after spending more than two decades climbing ranks at General Electric Co., where he worked in divisions focusing on plastics, modular homes, car fleets and insurance. Over almost 12 years at Equifax, the company's stock more than quadrupled before the breach was announced.

On Sept. 13, Equifax conceded that hackers exploited a software vulnerability known as Apache Struts CVE-2017-5638. Computer-security specialists had publicly identified that weakness earlier this year, offering a patch to fix it in March. Equifax has said the breach happened sometime after mid-May and was discovered July 29.

"This is the most humbling moment in our 118-year history," Smith wrote in an op-ed posted to USA Today's website Sept. 12. "We apologize to everyone affected."

Two days later, Senate Minority Leader Chuck Schumer called for Smith and the company's board to quit. The incident is "one of the most egregious examples of corporate malfeasance since Enron," the Democrat said, referring to the Texas energy trader that collapsed in 2001 after lying about its finances.

Lawmakers have threatened to boost oversight of the industry, which is supposed to safeguard data that could be used for identity theft and fraud. The Federal Trade Commission announced a probe, citing the "intense public interest and the potential impact."