[bodz]

FYI the "President of US Information Solutions" at Equifax is a role that has nothing to do with their IT/security department. It's not the same thing as the CIO or head of IT, as many people are confusing him for. He's the head of a product line which is called "information solutions". The head of IT/CIO is a completely different person (who has since been fired/resigned).

[mikeyouse]

This is a good clarification, but the guy shoudn't be absolved in either case. Here's the description of his duties from their website:

> Trey Loughran leads the company’s United States Information Solutions (USIS) business, which includes U.S.-based services that provide businesses with consumer and commercial information and insights related to areas of risk management, identity and fraud, marketing and other industry-specific solutions.

He would definitely be in the loop regarding a breach of this nature.

[bodz]

I don't necessarily think so. Just because he manages the risk management offering which is sold to other companies doesn't mean he would be aware of or involved in day-to-day risk management at his own company.

At my consulting firm, the execs in charge of our cybersecurity consulting practice are absolutely not involved in any internal cybersec investigations that happen to our own firm. In fact, we have specific procedures which say that our cybersecurity consultants cannot be involved with internal incidents. All internal investigations have to be done by outside, impartial firms.

[mabbo]

Ah, a very good point. I'll give him a little bit more benefit of the doubt if that's the case. The FBI might not, mind you.

[cmiles74]

I'm not interested in giving the benefit of the doubt to a C-suite executive who cashes out about a week after the company suffers one of the most newsworthy data breaches in recent history. To my mind, they are in exactly the right position to know about this sort of thing.

For sure, an investigation will be forthcoming and, in this country, one is innocent until proven guilty. But it seems, in my opinion, exceedingly likely that we'll find an email or text or some bit of ephemera notifying these people of the breach.

If not, well, I will eat my hat.

[conductr]

Have you worked at a BigCo or know what it's like to be in senior leadership? I would not be surprised in the least if this guy had no clue about the hack. These organizations are huge. People are actually very tight lipped when these things happen. You are/should be told not to speak about it even with your peers.

I also wouldn't be surprised if he did know, but just wanted to emphasize these BigCo org charts tend to be insanely big and complicated. At the senior levels you may not talk to or see your boss for weeks; especially when some big shit like this is being uncovered. So totally possible he knew nothing.