Equifax hack: CSO Mauldin trained as a…musician!


A week ago, Scoop reported that consumer credit reporting agency Equifax had waited five weeks before revealing that the personal information of around 143 million Americans had been hacked and that the credit card numbers of over 200,000 U.S. consumers and various documents containing the personal identifying information of some 180,000 U.S. citizens had also been compromised. We also revealed that three Equifax insiders had disposed of around $1.8 million worth of shares shortly after the company was made aware of the hack. We now know that the agency’s Chief Security Officer (CSO) was actually unfit for the job.

Although Susan Mauldin has an impressive profile – she served as group vice president for Suntrust Bank between November 2007 and June 2009 before being appointed senior vice president and chief security officer at First Data Corporation until July 2013 – she does not appear to hold any degree in Computer Science, Cybersecurity or in a related technical field. Instead, Mauldin trained as a musician.

Indeed, according to her LinkedIn profile, Mauldin holds a BA as well as an MFA (Master of Fine Arts degree) in Music Composition. In other words, the personal and confidential information of around 125 million U.S. households was entrusted to a music composer.

Following the publication of the September 7 Investor Relations Q&A announcing the “incident,” Mauldin’s LinkedIn profile was temporarily made private in an attempt to muddy the waters. Susan Mauldin is now Susan M. Her musical credentials were also deleted, although they have since reappeared.

This week we learned that the colossal data breach had been caused by a software vulnerability the company had known about for months.

On Monday, the Senate Finance Committee wrote to the company’s Chairman and Chief Executive Officer Richard Smith asking a series of questions to better understand what had occurred between mid-May – when the unauthorized access began – and July 29, when the company became aware of the breach. Among the questions requiring an answer by September 28, the Committee asks Equifax to detail the steps the company took following a previous cybersecurity incident.

“Earlier this year, identity thieves stole W-2 tax data and other employee tax records via TALX, an Equifax subsidiary that provides online payroll and tax services. Please describe this incident in detail and explain what steps Equifax took to improve cybersecurity in the wake of this intrusion,” the letter reads.

On Friday both Mauldin and Equifax’s Chief Information Officer David Webb resigned.

According to technology attorney Mark Grossman, two dozen class-action lawsuits have been filed against the agency so far.

“We’ve seen a $6 billion loss in market cap, estimated losses from these breaches in excess of $20 billion. This is ugly. The facts are still unfolding. It’s going to get worse. […] We’re pointing to a bankruptcy. We’re pointing to a takeover,” Grossman said on Thursday.

Equifax’s stock has fallen by 35 percent since the breach was made public a week ago.