A week after a massive cyberattack exposed the personal information of 143 million people, Equifax on Friday announced that the executives in charge of information and security were retiring.
The departures of chief security officer Susan Mauldin and chief information officer David Webb are "effective immediately," the credit rating firm said.
Through mid-May until July, when the company spotted suspicious activity, hackers were able to gain access to a huge amount of data, including Social Security numbers, credit card numbers, birth dates, and addresses.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," said Equifax chairman and CEO Richard Smith in a statement. "I apologize to consumers and our business customers for the concern and frustration this causes."
On July 29, Equifax said its security team "observed suspicious network traffic" related to an open source application that supports the company's online dispute portal called Apache Struts. The next day, it took that application offline, it said. It also contracted with independent cybersecurity firm Mandiant to assess the scope of the attack.
"With respect to the company's security posture, Equifax has taken short-term remediation steps, and Equifax continues to implement and accelerate long-term security improvements," the firm said on Friday.
Mark Rohrwasser will fill in as interim chief information officer and Russ Ayres will take over as chief security officer.
The company, which analyzes data on more than 820 million consumers and more than 91 million businesses worldwide, said its internal investigation of the attack is ongoing. It is also cooperating with the FBI.