Chief security officer Susan Mauldin and CIO David Webb stepped down from Equifax last week. The company has admitted the breach resulted from its failure to address a previously disclosed Apache Struts vulnerability (CVE-2017-5638) The breach exposed personal identity information on 143 million US consumers. The US Department of Justice has opened a criminal investigation into whether three Equifax executives broke insider-trading laws when they sold company stock in the days following the breach. The board of directors has responsibility for not ensuring a proper adherence to best practices and a verifiable audit trail, expert says.”]