Equifax CEO Richard Smith announced he is stepping down on Tuesday, the latest repercussion for the company following a massive cyberattack. 

The departure comes three weeks after the company initially announced the breach. As a credit monitoring service, Equifax holds data on nearly every single American who has a credit card or has applied for a loan. 

Smith oversaw Equifax as it was hit by a massive data breach that could touch nearly half the US population — up to 143 million Americans could be affected. The company said it had failed to patch a security flaw that dated back to March, which allowed hackers to break into its servers and steal millions of Social Security numbers, names and addresses. 

“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right,” Smith said in a statement released to investors on Tuesday. “I believe it is in the best interests of the company to have new leadership to move the company forward.” 

That new leadership is interim CEO Paulino do Rego Barros Jr., who oversaw Equifax’s Asia Pacific department, and has been with the company for seven years. Equifax is still searching for a new CEO. 

He’ll have to deal with the list of security issues that Equifax faces, as well as investigations from the Federal Trade Commission and Congress.

Equifax will testify to Congress on October 3, but it’s unclear whether it will be Smith or the new interim CEO. Equifax did not respond to a request for clarification.

Smith isn’t the only executive to leave in the cyberattack’s wake. Equifax’s chief information officer and chief security officer also left on Sept. 15.

Equifax has been facing public scorn and scrutiny since Smith announced the breach on Sept. 7. The company learned of the hack on July 29, but waited more than a month to warn its affected victims.

Its chief financial officer John W. Gamble Jr., sold $1.8 million in Equifax shares just a few days after the company learned about the breach, but weeks before it was announced to the public. 

Equifax handling its crisis has been a disaster on its own, with pressure mounting on Smith and the ship he ran. Legal concerns popped up with its hack checker, not to mention the easily spoofed URL that Equifax accidentally tweeted out.

The credit monitoring agency also will have to deal with multiple investigations and lawsuits, like the Massachusetts attorney general suing the company, as well as a class-action lawsuit coming out of both Georgia and Oregon.

Along with ousting Smith, Equifax said it is creating a special committee to deal with its breach, and manage cybersecurity incidents in the future. 

This is a developing story.

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.

Tech Enabled: CNET chronicles tech’s role in providing new kinds of accessibility.