Published in News

Equifax’s chief security officer quits

by on18 September 2017

 
Music major faces the music

It looks like the news that Equifax’s Chief Security Officer was a music major with no education related to technology or security was one story too many for the blighted company – Chief Security Officer Susan Mauldin has quit the company along with Chief Information Officer David Webb.

Webb and Mauldin have “retired” according to Equifax in a news release that did not mention either of those executives by name. Mark Rohrwasser, who had been leading Equifax's international information-technology operations since 2016, will replace Webb and Russ Ayres, a member of Equifax's IT operation, will replace Mauldin.

Equifax revealed that the attackers exploited Apache Struts bug CVE-2017-5638 - "identified and disclosed by U.S. CERT in early March 2017" - and that they believed the unauthorised access happened from May 13 through July 30, 2017.

MarketWatch reports that Equifax: "Admitted that the security hole that attackers used was known in March, about two months before the company believes the breach began." And even then, Equifax didn't notice (and remove the affected web applications) until July 30.

Some of this might have been because Equifax “Chief Security Officer” Susan Mauldin has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security and it is not really clear how she got the job in the first place. If you are going to hire someone who knows nothing about technology, you are better off getting a budgie, or at least someone who can turn a computer server on and off.

 

 

Last modified on 18 September 2017
Rate this item
(0 votes)

Read more about: