Equifax CEO Richard Smith is out after the company’s embarrassing data breach and botched response.
The credit reporting bureau announced Smith’s sudden retirement on Tuesday, three weeks after it disclosed that the hack had compromised the personal information of as many as 143 million Americans.
Smith, 57, had been CEO for 12 years. His retirement is effective immediately.
“At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” Smith said in a statement.
The company still faces an investigation from the Federal Trade Commission and a hearing before Congress next week.
Equifax is one three major companies that track the credit histories of almost all Americans and sell the information to banks, credit card companies and other clients.
The breach left its customers — who never signed up for the service in the first place — feeling helpless, and the company’s response made things worse.
Equifax learned of the hack in late July but only disclosed it September 7. Equifax at first couldn’t say whose data had been breached, and it initially asked customers to give up their right to sue the company in exchange for credit monitoring services.
It set up a web domain to host customer service complaints, then repeatedly linked to a fake phishing site on its social media page.
And three Equifax executives sold large chunks of stock after the company learned about the hack but before it went public. The company has said those executives did not know about the breach.
Smith apologized in USA Today on September 13 and called it “the most humbling moment” in Equifax’s history.
Smith, who had also served as chairman, isn’t leaving the company completely. Equifax said he agreed to serve as an “unpaid adviser” to assist in the CEO transition.
“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right,” Smith said.
Mark Feidler, an Equifax board member, was tapped to take over as the company’s non-executive chairman.
“The Board remains deeply concerned about and totally focused on the cybersecurity incident,” Feidler said in a statement. “Speaking for everyone on the Board, I sincerely apologize.”
Equifax said it has launched a search for a new CEO to guide it through what is likely to be a turbulent period. In the meantime, the company has tapped Paulino do Rego Barros Jr., an executive from its Asia Pacific division, to serve as interim CEO.
Equifax’s board also formed a special committee to focus on the breach and ensure “all appropriate actions are taken.”