Equifax CEO will have to answer for hack, experts say

Business Leaders FOXBusiness

Equifax blames giant breach on vendor software flaw

TrustedSec's Alex Hamerstone weighs in on whether Equifax is responsible for the giant data breach that may have affected 143 million people.

In the wake of a massive cyber-attack on consumer credit reporting agency Equifax, 143 million Americans’ personal information has been compromised – and that could be problematic for Richard Smith, the company’s CEO of 12 years.

Continue Reading Below

“It does go to the top, it goes to the CEO,” crisis expert Brian Tierney, CEO of Brian Communications, told FOX Business. “You’re looking at the CEO and saying, ‘how did this happen,’ ‘what are the standards they have in place?’”

Data breaches haven’t necessarily led to management shifts at other large companies, notably Yahoo and Target. However, there are a couple of complicating factors for Smith and Equifax.

Just days after the company said it detected the breach on July 29, three executives from the company – including the chief financial officer – sold a combined $1.8 million in stock. In a statement, the company said the executives "had no knowledge that an intrusion had occurred at the time they sold their shares."

However, some believe the timing is suspicious.

“We are deeply concerned Equifax executives were apparently selling stock after they were aware of breach, but before it was reported publicly,” Ben Meiselas, attorney with Geragos & Geragos – one of the law firms that filed a proposed class-action suit on Thursday – told FOX Business on Friday.

Continue Reading Below

Additionally, the company faced another public relations nightmare as it attempted to aid hack victims. The service it offered to help customers determine whether they had been impacted required them to implicitly agree to a clause stipulating that they would not join a class-action lawsuit in the event that they had been victimized.

“Equifax has placed a stealth arbitration clause, which waives the victim’s right to sue,” Meiselas said. “By checking the Equifax site if you are a victim and entering your information binds a consumer to a complex arbitration scheme.”

Sen. Sherrod Brown (D-Ohio) also chimed in on the issue, saying it was “shameful that Equifax would take advantage of victims by forcing people to sign over their rights in order to get credit monitoring services they wouldn’t even need if Equifax hadn’t put them at risk in the first place.”

House Financial Services Committee Chair Rep. Jeb Hensarling (R-Texas) announced on Friday that his committee would be holding a hearing to investigate the hack, though a date has not yet been set.

Tierney said all of these factors turned what could have essentially been a one day news story into a larger problem for Equifax.

More on this...

But the best way Smith can avoid personal career fallout and more negative media attention is to take control of the conversation, said personal brand expert Seth Price.

“Rick Smith needs to bang the drum about the severity of this breach and the vulnerability of our government and financial institutions. That conversation cannot be driven by third parties, he needs to own it,” Price told FOX Business.

The Atlanta-based credit reporting firm announced on Thursday hackers accessed customer accounts between May and July, including Social Security and driver’s license numbers, as well as other sensitive information. The company said it knew about the breach on July 29.

Equifax did not return FOX Business’ multiple requests for comment Friday.

What do you think?

Click the button below to comment on this article.