Equifax's Chief Security Officer Susan Mauldin and Chief Information Officer David Webb have both left the company as it deals with the fallout from a months-long hacking campaign that compromised the personal information of 143 million people this year. Attackers took advantage of an unpatched server flaw to steal names, addresses, dates of birth, social security numbers and other identifying information from Equifax's database from May 13th to July 30th. The server flaw was made public more than a month before the hack began.
Both executives are "retiring," according to the company. Mauldin, the chief security officer, is being replaced by Equifax's vice president of IT, Russ Ayres. Meanwhile, Webb will be replaced Equifax International IT operations head Mark Rohrwasser. Equifax announced the changes on Friday and said they were to take immediate effect.
Equifax announced details of the hacking campaign on September 7th and there's been a flurry of action and outcry since. Today, a handful of Democratic senators, including Elizabeth Warren and Brian Schatz, introduced a bill designed to give consumers more control over the information collected by credit-reporting companies like Equifax, TransUnion and Experian. The Federal Bureau of Investigation and Federal Trade Commission are investigating the entire affair, as is the Senate, spearheaded by Warren.