In the wake of the Equifax disaster, in which it is alleged Equifax violated the law by failing to protect consumers' information and then waited six weeks to disclose the breach, and then issued confusing and misleading information, the Equifax chief executive and chairman, Richard Smith, has now stepped down.
The former chief security officer, Susan Mauldin, has been revealed as having credentials in music rather than computer science or security, but is now clearing her LinkedIn profile and other online profiles of any background information.
Meanwhile, the city of San Francisco has filed a lawsuit against Equifax on behalf of the state of California. City attorney Dennis Herrera says more than 15 million affected people are from California, and says the Atlanta-based Equifax violated a California law prohibiting illegal, unfair or fraudulent business practices. The lawsuit seeks penalties of US$2500 for each violation and restitution for Californians who bought credit monitoring services from Equifax.
"The data breach will subject California residents to increased risk of identity theft and fraud for many years to come," the lawsuit states.
Equifax continues to operate under a Federal Trade Commission consent decree, but remains under tight scrutiny and possible sanctions. The organisation has scheduled hearings in Washington DC before the House Subcommittee on Digital Commerce and Consumer Protection. Despite resigning, Smith will be compelled to front Congress and explain how the cyber-breach occurred, what, if any, electronic safeguards the company had in place, and what it plans to do besides offering free credit monitoring and identity theft protection.
The breach was disclosed on 7 September, with Equifax revealing hackers had compromised the personal information of nearly half the population of the United States. Equifax said Smith would forgo his 2017 bonus, but will still receive a payout of US$18 million. Equifax is searching for a successor to fill his position.
The breach occurred from mid-May through July 2017, and Equifax also identified unauthorised access to limited personal information for certain residents of the UK and Canada.
Equifax, like many US companies, requires people to agree to settle disputes by arbitration and forgo their right to a trial by jury. Big corporations have poured money into the political system to win less regulation and mandatory arbitration clauses have become the norm.
Yet, in the wake of the Equifax disaster, the Consumer Financial Protection Bureau is fighting to help regular Americans defend their right to trial by jury, as guaranteed by the 7th Amendment to the US Constitution.
Whatever the result, confidence is shaken in the whole credit system, and the fallout may reverberate for years to come. Regular American people — potentially anyone who has ever applied for credit — must obsessively monitor personal credit reports for years to come, identity theft being a real danger that will not pass swiftly.
The writer is currently in Washington DC.