Credit reporting agency Equifax is ousting CEO Richard Smith in an effort to clean up the mess left by the damaging data breach that exposed highly sensitive information of about 143m Americans.

The shake-up, announced Tuesday (26 September), comes after Equifax disclosed that hackers exploited a software flaw to heist social security numbers, birthdates and other personal data that provide the keys to identify theft.

Smith will also step down from the chairman post.

He had been Equifax's CEO since 2005. Paulino do Rego Barros Jr. was named interim CEO, while board member Mark Feidler was appointed non-executive chairman.

Equifax said that it will conduct a search for a permanent CEO, considering both internal and external candidates.

While the company said in a statement that Smith was retiring, Equifax said in a regulatory filing that it has not entered into any other arrangement or agreement with Smith in connection with his retirement.

He will however, serve as an unpaid adviser to help with the transition process.

The company said in the filing Smith will not receive his annual bonus, and his other potential retirement-related benefits won't be awarded until Equifax concludes an independent review of the data breach.

"The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right," Smith said in a statement.

"At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward."

Equifax
Users’ names, date of birth, email addresses and phone numbers were accessed by hackers REUTERS/Tami Chappell

Although many analysts had applauded Equifax's performance under Smith, he and the rest of his management team had come under fire for lax security and its response to the breach.

Equifax had tried to appease incensed lawmakers, consumers and investors on 15 September with the unceremonious retirement of its chief security officer and chief information officer, who were responsible for managing and protecting the company's technology.

But that wasn't enough, with lawmakers drawing up bills that would impose sweeping reforms on Equifax and its two main rivals, Experian and TransUnion. Equifax's stock reacted in a downfall that wiped out one third of the Atlanta company's value — a $5.5bn (£4.1bn) setback.

Smith had been scheduled to appear 3 October during a congressional hearing that would likely have turned into a public lambasting.

equifax
Equifax's employee portals were secured with outdated software REUTERS/Brendan McDermid

It's not immediately clear who Equifax will send in Smith's place to face lawmakers' wrath.

The data breach might not had happened if Equifax had responded promptly to a March warning about a known security weakness in a piece of open-source software called Apache Struts. Even though a repair was released, Equifax didn't immediately install it.

Digital burglars used the crack in Equifax's computer systems to break in from 13 May through 30 July, according to the company's accounting.

Equifax said it didn't then didn't fathom the breadth of information that had been stolen until shortly before issuing a public alert on 7 September, triggering the wave of withering condemnations that has led to Smith's departure.

The jobs of other Equifax executives could still be in jeopardy.

Three of them, including Equifax's chief financial officer, are under scrutiny for selling some of their company shares for a combined $1.8m before the breach disclosure hammered Equifax's stock.

Smith's departure also won't make life any easier for most of the US adult population who had their information accessed through no fault of their own, but now have to worry about impostors assuming their identities to obtain credit cards and apply for loans so they can run up huge bills.

Equifax Inc. is providing a year of free protection against identify theft for anyone who wants it, but some lawmakers are trying to pressure the company into extending that offer for the next decade.

Some experts say that still isn't enough to guard against identify theft and are advising consumers to put a freeze on their files at Equifax, Experian and TransUnion to prevent anyone from getting a loan under their names.

A credit freeze, though, creates its own headaches since it also prevents the person making it from getting a new credit card, mortgage, auto loan or even an expensive smartphone paid through monthly instalments.

It also costs money to do so at Experian and TransUnion in most states.

Equifax is temporarily waiving its normal fee for credit freezes as another part of its effort make amends for its security breakdown.