Equifax CEO walks away with $18 million after data breach affecting half the US occurs on his watch

Key Points
  • Ex-CEO Smith could walk away with at least $18.4 million in pension benefits.
  • Equifax is conducting a search for a new CEO, naming its Asia-Pacific head to take on the interim CEO role.
  • Critics pointed to the company's botched response to the crisis, including a long gap between discovery and public disclosure.
Equifax CEO steps down: What happens next?
Equifax CEO steps down: What happens next?

The abrupt departure of Equifax's chief executive officer on Tuesday has not dampened the criticism of the company since it disclosed a massive data breach earlier this month.

As in other recent corporate scandals, the departure of Richard Smith was swift if not inevitable. The credit reporting company said he was retiring effective immediately and he wouldn't get a bonus for this year, though he is eligible to walk away with at least $18.4 million in pension benefits.

Some said Tuesday his departure should have happened more quickly. Wells Fargo dispatched its former CEO last year, one month after regulators said thousands of its employees opened millions of fake deposit and credit card accounts to meet aggressive sales goals.

Target's former CEO held on for four months before leaving in May 2014 in the wake of a major data breach at the retailer in late 2013. But Anthem's CEO did not leave that company after a 2015 data breach that exposed personal information for 79 million people. The second-largest U.S. insurer recently settled with victims of the hack for $115 million, the biggest data breach settlement yet.

What struck people as different about Equifax's situation was the company's bungled response to its crisis. For starters, Equifax waited 40 days from the time it discovered the breach in late July to its public disclosure on Sept. 7.

Waiting 40 days "is pushing it," said Nathan Taylor, a cybersecurity lawyer at Morrison Foerster who has represented big companies in data breaches. Equifax's hack affected as many as 143 million people, including personal identifying information such as Social Security numbers, names and birth dates. That number amounts to more than half the U.S. adult population.

"They had to have known this was going to be an area of focus," added Taylor.

Adding to Equifax's woes, the part of its website devoted to consumers worried about protecting their information was glitchy at first, and there was confusion over Equifax's customer dispute resolution rules. The management appeared slow to react with a cohesive message or customer outreach plan.

"Speaking for everyone on the board, I sincerely apologize," Mark Feidler, the new chairman of Equifax's board, said Tuesday, adding it had formed a special committee to look into the data breach.

Worse, says Yale School of Management professor Jeffrey Sonnenfeld, the company appeared to have no clear CEO succession plan. It named Paulino do Rego Barros, the president of its Asia-Pacific region, as interim chief while it conducts a search for a permanent successor. "This is far less a frustration with the frontier of technology but rather just old fashioned missteps and terrible preventative practices," he said.

Even Smith's fate, characterized as retirement, didn't sit well. Smith has been scheduled to testify about the breach in the House and the Senate next week, and his sudden departure made lawmakers react angrily.

"A CEO walking out the door just days before he is to appear before Congress is an abdication of his responsibility," Sen. Brian Schatz said in a statement Tuesday. Equifax's spokeswoman said Smith was still scheduled to make those appearances next week.

The board's move is being interpreted as a way to get out ahead of what is anticipated to be a major grilling by lawmakers. "The new standard with boards now is 'how badly will we look compared to other unnamed CEOs in front of Congress?'" said Michael Peregrine, a corporate governance lawyer at McDermott Will & Emery.

At the very least, Equifax's shares responded positively to the news on Tuesday, in the sense that they turned positive for the first time in a while. The stock has lost 26 percent of its value since the beginning of September. The shares closed Tuesday higher after spending most of the day lower on the Smith retirement news.

Smith, who joined Equifax in 2005 after 22 years as an executive at General Electric, is staying on in an unpaid role to assist the company for 90 days, Equifax said in a securities filing. His total pay for 2016 was $14.9 million, according to the filing, including a $3 million bonus he might have been eligible to get this year as well. The rest of his 2017 compensation won't be decided until the conclusion of an independent review.

"This is akin to an oil tanker spill," Taylor said. "It doesn't matter if the captain had 12 hours of sleep and tons of training, people are going to be watching everything you do."

WATCH: Equifax CEO to appear before the Senate

Equifax CEO Richard Smith to appear before Senate
Equifax CEO Richard Smith to appear before Senate