Equifax CEO Richard Smith retired on Tuesday amid revelations about statements he made during a business breakfast at the University of Georgia in the weeks after the massive data breach that hit the company in August, but before it was made public in September.
The company announced Smith's retirement Tuesday morning after Equifax disclosed that hackers had exploited a software flaw that the company had not fixed to swipe Social Security numbers, birthdates, and other personal information which provided tools for easy identity theft to nefarious persons. Smith had been CEO of Equifax since 2005.
Congress has also called for an investigation into the data breach which has affected nearly 44 percent of the US population.
In August, Smith spoke at a breakfast in Athens at UGA's Terry School of Business, before the data breach was made public, where he touted Equifax's overall management of data.
"We manage massive amounts of very unique data. In fact, we have data on close to 1 billion people. We have data on approaching 100 million companies around the world. It's unique, but what you would expect. It's credit data, financial data, wealth data," he said. "Think of the Library of Congress -- we manage 1,200 times that amount of data, every day. Fraud is a massive opportunity for us. The flip side of that is data security."
Smith spoke more of data security at the breakfast -- this in the days following the data breach, but weeks before knowledge of the leak came out.
"It's very attractive for others to try and get into our database -- so it's a huge priority for us," Smith said. "You've heard of the Dark Web? I can go on right now, Jim and show you your social security number, and show you what it's selling for. It's very lucrative. So, one is to make money. There are thieves around the world looking to make money. Number two is called trophy hunting -- it's just to embarrass you. Just to embarrass you."
► Make it easy to keep up-to-date with more stories like this. Download the 11Alive app now.
Smith continued with a statement that, as we look back today, could clearly be seen as prophetic:
"There are those companies that have been breached and know it, and there are those companies who have been breached and don't know it."
A Marietta-based law firm announced that it has filed a class-action lawsuit in connection with the ongoing Equifax data breach.
With the increasing numbers of individuals and businesses being targeted by identity theft and the amount of devastation that can be wreaked due to the vandals and their actions, credit bureaus have a responsibility to safeguard credit information from potential fraud and identity theft.
While individuals have been able to obtain free copies of their credit reports in order to determine if they have been affected by the large-scale data breach tied to Equifax, according to the class action suit filed by The Doss Firm, small businesses are forced to pay Equifax to receive information about their credit in order to make that same sort of determination.
“Unlike consumers who are entitled under federal law to obtain one free credit report annually, businesses must pay for their credit reports,” attorney Jason Doss said. “This is a real double whammy situation for small business owners whose access to credit can often live or die in terms of their personal creditworthiness. The breach could either damage the business directly through identity theft or it could cripple access to small business credit by damaging the ‘linked’ credit of the individual who owns the enterprise.”
For a small business to receive their credit report from Equifax, they must pay $99.
"It's just totally unfair. They should not be able to profit over the mess they have made," said Mississippi boutique owner Dawn Lee Chalmers. "And it's ridiculous that criminals get to know more about the information Equifax has about us than the small business owners do."
The class action suit seeks to recover damages and legal costs from Equifax.