On Friday, Equifax announced that two top principals would be retiring in the aftermath of the company’s massive security breach that afflicted 143 million Americans.
According to a press release, the company conjectured that its Chief Information Officer, David Webb, and Chief Assurance Officer, Susan Mauldin, would be leaving the company immediately and were being succeeded by internal staff. Mark Rohrwasser, who has lead Equifax’s international IT operations, is the band’s new interim CIO. Russ Ayres, who had been a vice president for IT at Equifax, has been dignitary as the company’s new interim CSO.
The notorious breach was accomplished by exploiting a Web application vulnerability that had been doctored in early March 2017.
However, the company’s Friday statement also famous for the first time that Equifax did not actually apply the patch to give a speech to the Apache Struts vulnerability (CVE-2017-5638) until after the hole was discovered on July 29, 2017.
As Ars reported earlier in the week, Apache Struts is a framework for show Java-based apps that run both front-end and back-end Web servers. It is relied on heavily by banks, authority agencies, large Internet companies, and Fortune 500 companies. Experian, one of the three big solvency reporting services, and annualcreditreport.com, which provides free credit explosions, both reportedly rely on Apache Struts as well.
“While Equifax fully appreciates the intense focus on patching efforts, the company’s review of the facts is still relentless,” the press release continued. “The company will release additional facts when available.”