back to article Equifax CEO falls on his sword weeks after credit biz admits mega-breach

Equifax's chairman and chief exec today resigned, weeks after the consumer credit reporting agency admitted a massive security breach. Richard Smith, who "retires" with immediate effect, has joined a growing list of senior people that exited Equifax in the wake of the mega leak that affected in excess of 100 million consumers …

  1. Semtex451 Silver badge

    Cough

    ...said that the executives had "no knowledge that an intrusion had occurred at the time they sold their shares" That's alright then.

    1. Martin
      WTF?

      Re: Cough

      When I worked for a large international bank, they made a HUGE thing about the share transactions we made. The principle was that there should not even be a possible implication of impropriety in any of our share dealings.

      These transactions don't just have an implication of impropriety. They stink to high heaven.

      The very least the executives should do is to give up the profit they have made as a result of the share price fall.

      1. BebopWeBop Silver badge

        Re: Cough

        Could be worse - has someone asked the question as to whether they invested in derivatives and shorted their own stock?

  2. Anonymous Coward
    Anonymous Coward

    I think it was explained on these forums that US SEC regulations meant that the sale must have been planned for a while - certainly *before* the breach was known about.

    Sometimes, a cigar is just a cigar ...

    1. DougS Silver badge

      Yes and no. Executives have certain windows during which they can sell shares, and generally file their plans in advance just to avoid this type of controversy. However, they don't always note the exact number of shares, which leaves wiggle room to sell a lot more than originally planned if they become aware of adverse information.

      If you had filed that you were going to sell 100,000 shares over the next couple years, and originally planned on selling say 12,500 per quarter but knew something bad happened and decided to sell 75,000 shares instead it would be following your SEC filing but would still be illegal insider trading. What makes it illegal isn't selling shares before bad news (or buying before good news, like a buyout) but basing your trading decisions (including decisions on how many shares at to buy or sell) based on that information.

      I haven't seen the Equifax CEO's filings and trading history, but I imagine the SEC will be taking rather a close look. The problem would be in proving that if he i.e. sold 75,000 shares when he had previously always been selling 12,500 shares that it was done illegally. He might be able to convince a jury that he was house shopping in the Hamptons and wanted to have cash at the ready in case he found what he was looking for. Get a realtor friend to say "oh yeah, I showed him several properties in July" and there's your reasonable doubt...

    2. DNTP

      "We don't understand why this amazingly coincidentally timed and profitable transaction is receiving so much public ire," whined some high level executives currently under SEC investigation. "Just because hundreds of other men demographically exactly like us unlawfully obtained billions of dollars in situations extremely similar to this one and suffered mostly minimal consequences is no reason for the public not to trust us at this current time."

      The executives went on to state that due to this misunderstanding, they were the true victims of the Equifax data breach crisis: "...[not] the little people, and their pitiful identities- who can tell one from the other anyway, they are all dirty unwashed sods... If there's a settlement or clawback, we'd better get the first pick at it, not the fucking useless proles... shit, was my mike on?"

    3. jdoe.700101

      Maybe Equifax is different, but when I worked for a US finance company, all trading needed to be approved by the compliance department, and such approvals were good for 24 hours. Presumably this was to ensure that embarrassing situations like this could not arise.

    4. Anonymous Coward
      Anonymous Coward

      'Sometimes, a cigar is just a cigar'

      "Close, But No Cigar" @AC... Here's why:

      A. The 'date of breach' isn't the 'real date of breach'.

      B. There were several other key breaches before...

      ~~~~~~~~

      https://www.bloomberg.com/news/articles/2017-09-18/equifax-is-said-to-suffer-a-hack-earlier-than-the-date-disclosed

  3. Anonymous Coward
    Anonymous Coward

    Not going to receive his bonus

    How about his pay for the last, oh, five years, can some of that be clawed back?

    1. Anonymous Coward
      Anonymous Coward

      Re: Not going to receive his bonus

      How about his pay for the last, oh, five years, can some of that be clawed back?

      How would you feel if low income workers who were fired for incompetence or misconduct had to give back several years of historic pay? I wouldn't be comfortable with that, and equally I don't think the ex-CEO of Equifux should be subject to clawback by the company, no matter how angry people (rightly) feel about his company's bungling.

      Now, if there's provable criminal or negligent behaviour that might result in personal fines, and I'm not worried by that, but that's different (and one for the courts).

      1. Woodnag

        Re: Not going to receive his bonus

        Different situation. US execs are employed under a contract, negotiated individually, which explicitly states under what circumstances the two parties can be separated. Being booted for gross misconduct allows the company to do a lot usually.

      2. Lysenko

        Re: Not going to receive his bonus

        Now, if there's provable criminal or negligent behaviour

        I can prove that the employee who "fixed" the brakes on your car was qualified in music composition and engaged on a salary far exceeding that of a fully qualified mechanic. Your car crashed because the brakes failed in a way that is demonstrably due to incompetent maintenance.

        Is there prima facie evidence of negligence here? Any ambulance chaser worthy of his knee pads would be biting your arm off to get the case. It doesn't matter if the incompetent employee read a Haynes manual in her spare time - the garage paid over the odds for an unqualified employee in a safety critical role. The garage has to settle - the insurers would never allow a trial with no credible defence. The remaining question is whether the insurers take it on the chin or go after the MD personally since his gross dereliction of duty and failure to supervise is what caused this mess.

      3. Doctor Syntax Silver badge

        Re: Not going to receive his bonus

        "How would you feel if low income workers who were fired for incompetence or misconduct had to give back several years of historic pay?"

        They're not going to be the ones making company policy or overseeing company policy being carried out. The reason CxOs are paid a lot of money is that they carry responsibility. If they fail to discharge that properly that over a long period why shouldn't some of that money be clawed back?

      4. Anonymous Coward
        Anonymous Coward

        Re: Not going to receive his bonus

        > How would you feel if low income workers who were fired for incompetence or misconduct

        > had to give back several years of ... pay?

        Apples and Oranges. Or maybe Apples and Lear Jets.

        Low income workers are already getting screwed, frankly. And trying to get blood from a turnip, and all that. But this fuckwit apparently has plenty of blood. In other news some retirement fund that invested in Uber wants its money back because of Uber's fuckwits and fuckups. Why should this be any different?

        He gets $18M for retirement. What have we got to show for the millions he's already been given and we're going give him $18M more? I'm almost certainly a shareholder through my 401k. Enough is enough, time to stop giving these assholes so much, for so little in return.

        Yes, I'm starting to feel a bit like Mssr and Madam Defarge.

    2. Bitsminer

      Re: Not going to receive his bonus

      Bonus? Why? He gets $USD 18,477,100 for retirement. (According to the company 2017 proxy statement.) That is almost the least they can give him (it's $100k less if they actually terminated him but that is probably chump change compared to litigation costs).

      There are also vested stock awards; unlikely, I think, that he will get much out of those.

  4. Anonymous Coward
    Facepalm

    I hope this doesn't affect his credit rating...

    But at least he's now like all his customers' data. Free. Forever.

    1. Anonymous Coward
      Anonymous Coward

      Re: I hope this doesn't affect his credit rating...

      Do rich people have credit files? Do they ever apply for credit?

      1. vir

        Re: I hope this doesn't affect his credit rating...

        To quote Randy Moss:

        "When you're rich, you don't write checks. Straight cash, homey."

        1. Eddy Ito Silver badge

          Re: I hope this doesn't affect his credit rating...

          It's a different metric and not credit as we hoi polloi know it since rich people theoretically can back it up with cash as a security. Even so, when you're rich, you don't spend your money, you spend other people's money so that if/when your business goes under you limit your liability. Why risk your money when you can sucker someone else to do it and get the profit either way? Just look at the latest example of the LA Rams/Chargers stadium boondoggle.

        2. CrazyOldCatMan Silver badge

          Re: I hope this doesn't affect his credit rating...

          To quote Randy Moss

          Yeah - but he's an NFL player. All those blows to the head don'tchaknow..

  5. a_yank_lurker Silver badge

    Local Story

    According to WSBTV (local Atlanta media) he gave a talk at (th)UGA about cybersecurity in mid to late August, well after the incident. There was a Japanese custom of committing suicide if you dishonored yourself or others by your actions. If he had any honor he would learn how to do it correctly.

  6. Alister Silver badge

    Smith is due to appear before the House Energy and Commerce Committee on October 3 to answer questions about the hack. It's not immediately clear whether or not do Rego Barros will take his place.

    I suppose it doesn't matter, really, they could both say "I have no recollection of these events" with equal clarity...

    1. CrazyOldCatMan Silver badge

      they could both say "I have no recollection of these events" with equal clarity...

      And I'm sure they'll both qualify to have a rabid company-supplied minder^W lawyer to make sure that they don't say anything unfortunate..

      (Where unfortunate == "something that will make us liable in court for anyone who's lost out because of identity theft linked to this unfortunate incident that the evil press have blown out of all proportion")

  7. Anonymous Coward
    Anonymous Coward

    re: How about his pay for the last, oh, five years, can some of that be clawed back?

    I think a better way is that any bonuses predicated upon future performance should be linked to *that* performance. Not the performance just gone.

    If you knew your company had to remain in good shape for (say) 3 years for you to be able to cash your bonus, there's a good chance the company will be doing very well.

    (see: Phillip Green)

  8. Jove Bronze badge

    Share Price

    The business's reputation is thoroughly bust, but it's share price is remarkable resilient.

    I wonder if this would be because client businesses have few alternatives?

    1. Claptrap314 Silver badge

      Re: Share Price

      There are 3 out there. And this does not affect their customers. Think about it.

  9. Claptrap314 Silver badge
    Joke

    Huh. Three C-level resignations & a 25% stock drop. This might just be enough to get folks to take security seriously.

    1. BebopWeBop Silver badge

      Yup - the joke alert icon is very appropriate.

  10. zxmar05

    Was he a "diversity hire", too?

    Oops, did I just assume "its" gender?

    Mea maxima culpa!

  11. Joe User

    Equifax CEO "retires"

    More like "bails out with his golden parachute."

    FTFY

  12. Bitsminer

    Ethics statements fell very very flat

    Have a read of the Equifax employee ethics standards (page 21 and page 22). A lot of corporate fluff about preserving IP and being careful not to expose confidential data and care with relations with customers. Paying customers, that is.

    Absolutely nothing about the care and protection of personally-identifying-information. PII. Which is their whole business.

    http://www.equifax.com/assets/corp/code_of_ethics.pdf

  13. disgruntled yank Silver badge

    swords aren't what they used to be

    There really needs to be a term for this: haha kiri, perhaps.

    1. hplasm Silver badge
      Thumb Up

      Re: swords aren't what they used to be

      "There really needs to be a term for this: haha kiri, perhaps."

      Seppfukyu ?

  14. Open Sauce

    I hope Equifax has some kind of rating and i'd like to see it adjusted accordingly!

  15. Andromeda451

    $18M payout???

    OK El Reg, how exactly is an $18M payout falling on one's sword? The first rule of incompetence club is never talking about incompetence club. A rule held close by Equifax.

    1. DNTP

      Re: $18M payout???

      Hopefully, falling onto 18 million dollars worth of swords. Maybe he can be like Scrooge McDuck, but swimming though a bin of sharpened steel instead of gold coins. That's a joke, I actually don't support the painful death penalty or the normal one either. But honestly anyone who accepts $18M after fucking up that bad doesn't really care about helping me keep that opinion.

  16. Winkypop Silver badge
    Devil

    If you must stuff up

    Stuff up BIG TIME.

    It pays better.

  17. Anonymous Coward
    Anonymous Coward

    ...'Will not be compensated for doing so'...

    Really??? How generous of him... If 'this game' isn't stacked against the rest of us... Gotta love America, Fuck-Yeah! :

    -

    "During his career at Equifax, Smith took home about $165 million, according to data compiled by Bloomberg. That includes salary, bonuses, taxable perks and the value of stock options exercised and stock awards that vested."

    -

    "Equifax said Smith would not receive any annual bonus specifically for 2017. Nevertheless, he is in line to receive a 73,392-share bonus early next year as part of the long-term incentive plan the company put in place back in 2008. That's on top of the $52 million he will walk away with in stock and other retirement benefits that he accrued as part of his nearly 12-year run as CEO. That doesn't even include the nearly $13 million he received in salary and cash bonuses for the past three years alone. He also may be entitled to lifetime health insurance and $60,000 worth of financial planning and tax advice. What's worse, Equifax's very limited clawback policy, which the company has called "rigorous," applies only to financial restatements. That means Smith will have to return almost none of this tens of millions of dollars of pay, even if the company eventually finds that the hack has was his fault."

  18. Anonymous Coward
    Anonymous Coward

    been hired to run NHS, etc

    yet?

    1. CrazyOldCatMan Silver badge

      Re: been hired to run NHS, etc

      No - but the OPM department are probably keen to hire him. After all, he's already made data-loss great again!

  19. Archie Crane

    Warning: Pun ahead

    Given that they breached the personal info of nearly *144* million US citizens - does that count as GROSS incompetence?

  20. aDEMCSE

    Falling on sword... More like Quitting when the going gets tough.

    Reading about CEO's stepping down when their company has a problem to me equates to someone saying F*** it and quitting when there is hard work ahead. The only message it says is that the company will be in more disarray.

  21. Aodhhan

    Congressional Hearing Transcript

    CEO: Yes, we're absolutely positive the breach to our systems happened six months ago.

    Congress: What evidence do you have of this?

    CEO: Six months ago we first started seeing anomalous behavior on our system logs

    Congress: This is fantastic news! How far back do you keep logs?

    CEO: Six months.

    :(

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019