There are two kinds of companies, according to a saying that former Equifax CEO Rick Smith shared in a speech at the University of Georgia on Aug. 17. “There’s those companies that have been breached and know it, and there are those companies that have been breached and don’t know it,” he said. Though it was still 21 days before his company would reveal that it had been massively hacked, Equifax, at that time, had been breached and knew it.
The speech, given by Smith to students and faculty at the university’s Terry College of Business, covered a lot of ground, but it frequently returned to security issues that kept the former CEO awake at night—foremost among them was the company’s large database.
“When you have the size database we have, it’s very attractive for others to try to get into our database,” said Smith. “So that is a huge priority for us.”
Smith elaborated on what hackers can do with consumers’ personal information, including selling it on the Dark Web. “It is a very lucrative way to make money,” he said.
Smith’s fastest growing area of security concern was state-sponsored hacking and espionage, he said. “It’s countries you’d expect—you know it’s China, Russia, Iran, and Iraq—and they’re being very aggressive trying to get access to the know-how about how companies have built their capabilities, and transport that know-how back to their countries,” said Smith. “It’s my number one worry.” he added.
It’s not clear if the hackers stole any proprietary Equifax secrets, but they did make off with the personal information for at least 143 million U.S. consumers. Smith retired from Equifax on Tuesday. He will receive $90 million in payouts, salary, and stock compensation.