Equifax CEO Richard Smith is out after the company’s embarrassing data breach and botched response.
The credit reporting bureau announced Smith’s sudden retirement on Tuesday, three weeks after it disclosed that the hack had compromised the personal information of as many as 143 million Americans.
Smith, 57, had been CEO for 12 years. His retirement is effective immediately and he won’t receive a bonus for this year.
“At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” Smith said in a statement.
Equifax said all decisions on what money or benefits Smith is owed will be delayed until after the board completes an independent review into the breach and the company’s response.
The company still faces an investigation from the Federal Trade Commission and a hearing before Congress next week.
Equifax (EFX) is one three major companies that track the credit histories of almost all Americans and sell that sensitive information to banks, credit card companies and other clients.
The breach left its customers — who never signed up for the service in the first place — feeling helpless and vulnerable to identify theft. The company’s response made things even worse.
Equifax learned of the hack in late July but only disclosed it September 7. Equifax at first couldn’t say whose data had been breached, and it initially asked customers to give up their right to sue the company in exchange for credit monitoring services.
It set up a web domain to host customer service complaints, then repeatedly linked to a fake phishing site on its social media page.
And three Equifax executives sold large chunks of stock after the company learned about the hack but before it went public. The company has said those executives did not know about the breach.
Smith apologized in USA Today on September 13 and called it “the most humbling moment” in Equifax’s history.
Smith, who had also served as chairman, isn’t leaving the company completely. Equifax said he agreed to serve as an “unpaid adviser” to assist in the CEO transition.
“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right,” Smith said.
Mark Feidler, an Equifax board member, was tapped to take over as the company’s non-executive chairman.
“The Board remains deeply concerned about and totally focused on the cybersecurity incident,” Feidler said in a statement. “Speaking for everyone on the Board, I sincerely apologize.”
Equifax said it has launched a search for a new CEO to guide it through what is likely to be a turbulent period. In the meantime, the company has tapped Paulino do Rego Barros Jr., an executive from its Asia Pacific division, to serve as interim CEO.
Equifax’s board also formed a special committee to focus on the breach and ensure “all appropriate actions are taken.”
It’s not clear whether Smith will still testify at next week’s hearing. Neither Equifax nor the Senate Banking Committee responded to requests for comment.
Smith isn’t the only one out of a job. Equifax previously announced the retirements of its top security and information executives.
But those departures weren’t enough to put out the firestorm, nor ease nervousness on Wall Street. As much as one-third of Equifax’s market value vanished after the breach was disclosed.
Equifax stock fell 1% further on Tuesday after the management shake-up.
Smith has built a fortune with his Equifax holdings. Just since the start of 2016, Smith has netted $68.9 million by selling Equifax stock, a CNNMoney analysis found. His remaining shares are still worth about $28 million.