SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Equifax ushers new CISO as breach fallout continues
Wed, 14th Feb 2018
FYI, this story is more than a year old

Equifax has ushered in a new chief information security officer as the fallout continues from the company's massive data breach last year.

Jamil Farshchi will take over companywide leadership of the company's current project to improve its information security programme. He will also collaborate with industry to share information security best practices.

 "Jamil has a reputation for helping enterprises rebuild and fortify information security programs,” comments interim Equifax CEO Paulino do Rego Barros.

“His expertise in risk intelligence and cybersecurity combined with his intimate knowledge of industry best practices will allow us to design and deploy a best-in-class, global security strategy to re-establish ourselves as a trusted leader."

Farshchi brings a history as CISO of Time Warner and VP of global information security at Visa. He has also worked at NASA.

"Equifax is a company with tremendous potential, and I am confident that we will transform our security program into one of the most advanced and recognised globally," Farshchi comments.

"I am grateful for this new challenge and am looking forward to enabling the business with new insights, a fresh perspective, and a multi-dimensional way of thinking about global data stewardship and information security. Together, we are going to do great things for consumers, customers, and employees alike."

Last year hackers stole personal information belonging to 143 million US customers by using a web app vulnerability to gain access to files.

It was initially publicised that stolen information included names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers, credit card numbers and documents with personally identifiable information.

In a report issued by US senator Elizabeth Warren, she accuses the company of being deliberately misleading about the scale of the breach.

The letter says:

“As your company continues to issue incomplete, confusing and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?

Only US customers were affected by the breach, however the take is a stern warning about the risks data breaches bring to organisations and their customers.

At the time of breach disclosure to the public, Equifax CEO Richard F. Smith said the breach was a ‘disappointing' event for Equifax.

“I apologise to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.

Smith retired from his position as Equifax CEO last year.

Equifax is headquartered in the United States. It operates or has investments in 24 countries including Asia Pacific, Europe, North America, Central America and South America.