David Webb, the main data officer, and Susan Mauldin, the central security officer, are "resigning," the organization said Friday.
"Equifax's interior examination of this episode is as yet continuous and the organization keeps on working intimately with the FBI in its examination," Equifax said in an announcement.
The credit-checking organization has been reeling from the hack, which uncovered the Social Security numbers, addresses, charge card data, and driver's licenses of upwards of 143 million individuals.
The organization guarantees that programmers exploited a defenselessness in Apache Struts.
Programmers initially broke into Equifax's servers on May 13, the organization said on Friday.
Apache, the gathering that makes the product, had turned out with a fix for the product shortcoming around two months sooner.
Equifax experienced harsh criticism this week for holding up so long to influence the product to fix. On Friday, the organization said its security "knew about this helplessness at the time, and took endeavors to recognize and to fix any defenseless frameworks in the organization's IT foundation."
The organization has additionally employed Mendiant, a division of FireEye, to do a posthumous of the hack.A cybersecurity arm of the U.S. Bureau of Homeland Security, US-CERT, "recognized and unveiled" the Apache Struts blemish in March, Equifax said in an announcement.
What's more, the organization's security division "knew about this weakness around then, and took endeavors to recognize and to fix any helpless frameworks."
However, as indicated by the organization, programmers abused the defect months after the fact.
Equifax has said it found the information rupture on July 29. On Friday, it said it held up until it "watched extra suspicious action" after a day to take the influenced web application disconnected.
What's more, on August 2 Equifax reached Mandiant, an expert cybersecurity firm, to enable the organization to evaluate what information had been traded off.
With assistance from Mandiant, Equifax could decide a progression of ruptures had happened from May 13 through July 30, the organization said.
Fixing programming at enormous organizations with many machines takes time. They should first distinguish the weakness, at that point execute and test the fix to ensure it doesn't break anything before making it open.
Nonetheless, security specialists say Equifax ought to have moved quicker.
"There's truly no reason whether it's a troublesome fix or not, for an association of that size with that sort of size of information," said Jon Hendren, executive of technique at security firm UpGuard. "When you're a major association like that, it's a foundational disappointment of process and the fault goes straight to the best."
Equifax has likewise been generally scrutinized for holding up over a month to ready its clients and investors about the hack.
On Friday, the organization reported its main data officer and boss security officer are "resigning."
