Yesterday, it was announced that the Chief Information Security Officer of Equifax, Susan Mauldin, had retired (http://www.msn.com/en-us/money/companies/key-equifax-executives-departing-after-huge-data-breach/ar-AArZrIF).

This is the person who was responsible for the security of 143M Americans’ financial records. And this doesn’t even count the number of British and Canadian records that were compromised.
And, 2 months after the security breach was discovered, she was allowed to retire.

If Equifax really cared about the damage she and her group have done, they would have fired her, with cause, back in July or early August.

And this doesn’t even take into consideration her questionable background.

What does it look like when she has BA and MFA degrees in Music Composition from the University of Georgia? I’m not saying that she might not be a genius. She might even have the capacity to become an expert on computer security and manage the sensitive financial security needs of most of the people in the U.S. However, as a public company with so much at stake, couldn’t Equifax have hired someone who has done nothing but live and breathe security for their entire career and has a Computer Science background?

In addition, someone is doing a pretty good job of scrubbing the web of her background. First, her LinkedIn profile was renamed and changed; now it has disappeared completely. Below is what it was before getting deleted.

Mauldin LinkedIn Profile

Why does it list her titles as merely ‘Professional’? What is she trying to hide?

You can’t find anywhere on the web what she did immediately after earning that MFA in Music Composition. In particular, what did she do to be able to earn the position of Senior Director of Information Security, Audit and Compliance for Hewlett-Packard’s outsourcing practice from 2002 to 2007, which seems to be the springboard into the eventual position of CISO at Equifax? What was she Group Vice President for at SunTrust Banks? Her background has been very carefully crafted and sanitized. Think about that. Most people want you to know what their background and experience are. It appears that she doesn’t want you to know.

This breach is going to cause irreparable financial harm to millions of people and the economy, caused by someone who may not have been qualified to be in her job.

Let’s hope this is a wake-up call to the government and financial industry to fundamentally change the system and develop something more secure with tighter security and restrictions on what information companies can retain and store.

In the meantime, Equifax needs to go the same path as Enron – into oblivion. Not merely for the fact that their lax security will result in most people in the US worrying about their credit and finances for a long time to come, but also for the fact that they allowed her to gently retire instead of rapidly firing her for cause.