from Hacker News

Equifax C.E.O. Richard Smith Retires After Huge Data Breach

by yanowitz on 9/26/17, 1:07 PM with 264 comments

  • by cletus on 9/26/17, 1:52 PM

    So if I design a car with a faulty steering mechanism that fails under unusual circumstances but, when it does, can cause a possibly fatal accident, I have a huge liability problem. Product liability as a whole is a pretty big deal. And that can be in spite of countless hours of testing where there is no evidence of malfeasance, negligence or even incompetence.

    Why haven't product liability laws caught up with information services? The Equifax breach here was caused by, at the very least, reckless negligence in that they failed to patch a published vulnerability for MONTHS after it was disclosed.

    Now I'm not talking about the BS class actions you get where the class gets nothing (except for the named plaintiffs who, for some reason, make out like bandits) and the lawyers make a ton of money.

    What I'm talking about is having the same expectations, requirements and civil and criminal punishments that product liability would have with a physical product, at least when it comes to willful negligence of this sort.

    The VW emissions scandal (rightly) is resulting in criminal prosecutions for fraud.

    But the makers of routers, IoT light bulbs and the like seem to suffer no consequences for (and thus have no incentive to improve) the security of their products.

    I just don't get it.

  • by bedhead on 9/26/17, 2:20 PM

    Equifax has existed since 1899. It's in an oligopoly business that is completely unassailable, for better or worse. It would be fine with or without Richard Smith, who has been CEO for the last 11 years. He will have made something like a minimum of ~$145 million over that time. (If you factor in the value of his options since the grants it's more like $300 million) It's unconscionable. Entrepreneurial reward for managerial duty. People give hedge fund managers a hard time but at least those guys founded their companies and built them up...it's these hired-hand CEO's that are the real problem.

  • by Multicomp on 9/26/17, 1:33 PM

    Hmmm let me get this straight: 143,000,000+ people have to pay Equifax $3-20+ to get their credit frozen, and you get to just walk away and retire with oodles of money from your illicit stock selling and severance packages? There is no justice sometimes.

    That's around ~430,000,000 USD for Equifax alone [edit: if] 143M people got their credit frozen at $3 per freeze. (Obviously back of napkin math, and not everybody pays the same or even freezes their credit)

  • by genzoman on 9/26/17, 1:58 PM

    Anyone else think how convenient it was that no news agency broke this news prior to the Friday before September 11th? News cycle dies on the weekend, and on Monday you have the anniversary of the deadliest attack in 70 years on US soil.

    No political figure has talked about making these companies disclose this information as soon as possible, and no political figure is furthering any type of bill to make it illegal to know about a data breach and not tell anyone for months.

    American obsession and addiction to media is what caused Trump to win, and it's why egregious failures of trust such as this will continue to go relatively unpunished.

    We are constantly pumping out the equivalent of crude oil into your culture at the rate of millions of gallons a second. It's all trash, and it pollutes discussion and any sort of cooperation.

    Left/Right is the new religious battle, and the new holy books are blogs and twitter feeds. The media is under no obligation to tell you the truth, and in this case the lie is omission.

  • by rothbardrand on 9/26/17, 1:32 PM

    This is not enough. We need a reform to legislation to make these companies liable both for data breaches and for false information. Too often the CRAs are used effectively as extortion mechanisms whereby your credit rating his held hostage to extract money you don't owe for collection agencies.

  • by Overtonwindow on 9/26/17, 1:31 PM

    They're all jumping ship now. I hope congress, or the FBI, hold some of these people responsible for the mess they've created, and take Equifax to the woodshed.

  • by UnoriginalGuy on 9/26/17, 1:42 PM

    If I drive my vehicle recklessly, even if nobody is injured (or no property), I can receive a citation, risk having my license revoked, and risk being arrested.

    Why is it that American corporations and their leadership have less oversight than your average 15 year old driver? They keep reminding us of corporate personhood when it is convenient, but where is the personhood responsibility?

    Companies aren't going to spend money on security until the potential costs impact them rather than others (in this case all of us). That's something that urgently needs to change. As you can see by Equifax's stock, nobody in the stock market thinks that the governments are going to punish or collapse Equifax, and the worst part is that they're likely right (see BP for example).

    This too big to fail, too big to jail, too big to punish thing is really starting to get on my nerves. Even if we aren't ready to send corporate executives to prison, let's at least fine Equifax so much they go out of business, and it sends a shot across every other business's bow about what will happen if they mishandle sensitive information.

  • by FussyZeus on 9/26/17, 1:34 PM

    > Speaking for everyone on the Board, I sincerely apologize. We have formed a Special Committee of the Board to focus on the issues arising from the incident and to ensure that all appropriate actions are taken.”

    > Now if you'll excuse me, this golden parachute isn't going to pull it's own rip cord. Have fun fixing all your credit reports and enjoy Equifax's "free" data protection services, your contributions and patience (or short attention span, whichever you prefer) will be thoroughly appreciated by my successor, until he too fails too hard and has to endure a life of permanent financial security and nonstop leisure.

  • by whataretensors on 9/26/17, 2:11 PM

    Let him retire in prison with the rest of the C-levels.

  • by aaroninsf on 9/26/17, 5:34 PM

    In other large countries of note, responsibility for a billion dollar crisis and abuse of private data would result in life-ending jail time.

    They have a point. This ass hat enriched himself at the expense of customers held at gun point, and didn't even oversee due diligence in the execution of a bullshit monopoly.

    Retiring to ride horses and pensively stare at the far horizon of one of his ranches and come back with think piece hagiography in 4 years on the lessons learned...

    ...there should be bigger consequences.

  • by FilterSweep on 9/26/17, 3:19 PM

    Is there a way to tell if you are impacted without having to enter your SSN on suspicious websites?

    Its scary how little information the media is providing on this. Equifax does not provide an FAQ over what conditions you may be affected. I don't have a line of credit, and I have never used their services personally, HOWEVER, if a prior employer used them through a background check, or if they used a 3rd party who sends my data to equifax without me knowing, I'm pwned and didn't even know it.

  • by vkou on 9/26/17, 4:00 PM

    There is a solution to this problem - the Freedom from Equifax Exploitation Act, drafted by senators Elizabeth Warren and Brian Schatz.

    Naturally, not a single republican supports this legislature.

  • by walshemj on 9/26/17, 3:03 PM

    Interesting that all the senior Equifax who have left have "retired" and not resigned ;-)

    Resigning is a known way of avoiding more serious penalties and loss of pension etc a lot of UK Police when facing serious charges suddenly resign due to stress.

    Its telling that when found guilty or far less serious offences the CEO of shell resigned giving up a lot of !$

  • by bogomipz on 9/26/17, 2:47 PM

    >"The chairman and chief executive of Equifax, Richard F. Smith, retired on Tuesday ..."

    >"“Speaking for everyone on the board, I sincerely apologize,” Mark Feidler, the Equifax board’s new chairman"

    Where is the apology from the CEO?

  • by pfarnsworth on 9/26/17, 1:58 PM

    Retirement isn't good enough, he should have his money clawed back. It's unfair that he gets to walk away scot free when hundreds of millions of people are fucked.

  • by rdiddly on 9/26/17, 3:29 PM

    Retirement is a bad word choice. In this case maybe it's better to blur the subtle distinction between retiring and resigning. At least appear contrite.

  • by ibejoeb on 9/26/17, 2:33 PM

    "Pack it up boys, our work here is done."

  • by SubiculumCode on 9/26/17, 5:16 PM

    Cowards with golden parachutes: Modern Capitalism.

  • by FilterSweep on 9/26/17, 2:31 PM

    May he land gracefully from a proper golden parachute deployment

  • by politician on 9/26/17, 7:46 PM

    Does he get to avoid testifying before Congress by resigning?

  • by CodeSheikh on 9/26/17, 3:27 PM

    He is conveniently retiring to cash in severance packages and bonuses. He should be fired and brought in front of a judicial committee to answer questions for risking identity info of millions of consumers.

  • by Animats on 9/26/17, 7:06 PM

    With $18.4 million in pension benefits.

  • by wnevets on 9/26/17, 2:53 PM

    So he gets to retire with a golden parachute made with diamonds, how nice.

  • by yarsk on 9/26/17, 3:12 PM

    Well is a good idea to retire when your age and energy is exulted.

  • by VirtualAirwaves on 9/26/17, 3:52 PM

    This is one issue our President should take some executive action on, if at all possible. At the very least, people should not be charged for credit freezes for the next few years, and existing laws should be reviewed. Taking action against Equifax would be supported by the vast majority of Americans.

  • by katastic on 9/26/17, 1:34 PM

    I wish I could "retire" after selling out over half of the workers in the USA.

  • by adekok on 9/26/17, 1:51 PM

    Their security head was a music major, with little or no experience in the field.

    https://www.nbcnews.com/business/consumer/equifax-executives...

  • by WillReplyfFood on 9/26/17, 1:36 PM

    I take full responsibility for those breaches, and thus decided to step back, and for the remainder of my life work in customer support of a banke to fix those whose accounts are targeted.

    No CEO ever

    Aye, the noble folks must upheld to diffent standards. Onwards, to bigger and better things they grow- they are a diffrent people, not bound to clean up after themselves. All that outdated respons-hillbillity just holds the innovation of scams back.

  • by yarsk on 9/26/17, 3:10 PM

    Well that is a nice idea for him, retirement in a necessary when your age is up to it.

  • by wehadfun on 9/26/17, 3:37 PM

    How does everyone feel about Susan Mauldin(Equifax Chief Security Officer) having a music degree?