Equifax CIO, CSO Step Down

Embattled credit-monitoring company names interim replacements for both positions and outlines more details about the massive breach.

Equifax late today announced that its chief information officer and chief security officer were retiring and effective immediately.
While the credit-monitoring firm did not include the executives names in its announcement, Equifaxs website
lists
David Webb as Equifax CIO. Webb, who has served as CIO since 2010, will be replaced by interim CIO Mark Rohrwasser, who has been with the company since last year and led Equifaxs international IT operations.
According to
Boardroom Insiders
, Susan Mauldin is Equifaxs CSO, and has been with the company since 2013. She will be replaced by Russ Ayres, who most recently served as vice president in its IT department.
Equifax said it first observed suspicious network traffic on July 29 that appeared to come from its US online dispute portal Web application. The security team blocked that traffic, but another wave came through the next day. The security team then took the affected Web application offline.
When Equifax drilled deeper into the problem, it found a vulnerability in the Apache Struts Web application framework (CVE-2017-5638), and determined that flaw was the initial attack vector.
Upon discovering a vulnerability in the Apache Struts web application framework as the initial attack vector, Equifax patched the affected web application before bringing it back online, Equifax stated.
The
Apache Struts patch
for the flaw was first made available in early March.
Equifaxs Security organization was aware of this vulnerability at that time, and took efforts to identify and to patch any vulnerable systems in the companys IT infrastructure, Equifax stated. While Equifax fully understands the intense focus on patching efforts, the companys review of the facts is still ongoing. The company will release additional information when available.
Read more about the Equifax statement
here
.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity
agenda here
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Equifax CIO, CSO Step Down