One week after what may be the biggest security leak in US history, when Equifax belatedly admitted that hackers had made off with over 143 million private data profiles, sending the company’s stock 37% lower in the past week…
… leading to a massive scandal which will go through at least one round of Congressional hearings in which company CEO Richard Smith will have to explain why the company waited for weeks before making this unprecedented data breach public (a breach which came due to a vulnerability the company was aware of and should have patched months prior) and will likely culminate with prison time for one or more company executives, questions have emerged if Equifax was involved in another cover up, this time involving the background of its Chief Security Officer.
Meet Susan Mauldin, the Equifax Chief Information Security Officer, and the person who was responsible for keeping the highly confidential and secret information of over 100 million Americans well… highly confidential and secret.
Mauldin has been with Equifax as CSO / CISO since 2013. She was previously Senior Vice President and Chief Security Officer at First Data Corporation, until July 2013. Mauldin was also SunTrust Banks’ Group Vice President from 2007 to 2009.
So far so good, but a problem emerges: according to LinkedIn, Mauldin’s stated educational background has no security or technology credentials, and consists of…. a bachelor’s degree in music composition (magna cum laude) and a Master of Fine Arts degree in music composition (summa cum laude), both from the University of Georgia. Once again, this is the person who was in charge of keeping your personal and financial data safe — and whose failure to do that have put 143 million at risk from identity theft and fraud.
Or rather, that’s what her LInkedIn profile would have disclosed if in the hours after the scandal broke, “someone” didn’t thoroughly scrub and censor it.
As MarketWatch’s Brett Arends writes, “there has been very little coverage so far of Susan Mauldin’s background and training. Given the ongoing disaster of the hack and Equifax’s handling of the affair, the media spotlight has so far been elsewhere.” It now emerges that someone was very keen on keeping as little information about Mauldin’s background in the public arena as possible.
Shortly after the Equifax scandal broke, Maludin’s LinkedIn page was made private and her last name replaced with “M.” Below is a screengrab showing Susan Mauldin’s old and current LinkedIn pages in Google search results as of 9/9/2017.
Mauldin’s original LinkedIn page was on this url before it was made completely private: linkedin.com/in/susan-mauldin-93069a (now a 404 page not found)
A few days after the news of the data hacking broke, the following page reappeared a with a different url, with the specific detail that her degrees were in Music Composition removed. Also, her surname Mauldin was replaced with the initial letter M. to complicate profile discovery.
Among the skills touted on her LinkedIn page: Data Center, IT Solutions, PCI DSS, IT Service Management, IT Outsourcing.
Additionally, two videos of interviews with Mauldin have been removed from YouTube. A podcast of an interview has also been taken down. As Hollywoodlanews.com reports, in March 2016, Mauldin was interviewed on camera by the CEO of the big-data company Cazena.
The videos featuring parts of an interview with Susan Mauldin, which were embedded on this page, have been taken down as of the afternoon of September 10.
A partial transcript of her remarks during the interview have been archived for posterity by a third party. http://archive.is/6M8mg
The full interview videos went far in explaining what may have been the eventual cause of the massive leak of information now gravely affecting 143 million Americans.
The audio-only version of the interview that was publicly available on Soundcloud has also been scrubbed from the web.
* * *
Unfortunately for the scrubbers, internet archives preserved her original LinkedIn profile (shown above) which revealed her “music” background, and a transcript of one interview has survived.
So as CEO Richard Smith prepares for the upcoming congressional grilling, here are two more questions he can add to the list: first, how far can a Chief Security Officer go in this business without a formal education in technology. In an interview uncovered by Brett Arends he notes that Mauldin said that in recruiting, “[w]e’re looking for good analysts, whether it’s a data scientist, security analyst, network analyst, IT analyst, or even someone with an auditing degree. … Security can be learned.”
But she also said she focuses college recruitment, understandably, on “universities that have programs in security, cyber security, or IT programs with security specialties.” She did not mention music composition.
And second, was the company actively involved in what appears to be an active campaign to scrub the potentially embarrassing background of its Chief “Security” Officer?
As Arends concludes, and we agree, “everything about this fiasco just gets more and more surreal.” It will be even more surreal however if as a reader points out, a diversity hire is the reason behind one of the largest hacks of financially sensitive data ever…