The lawsuit alleges the company failed to implement and maintain reasonable security procedures. He had been Equifax's CEO since 2005. Equifax said the search is already underway for a permanent CEO. If the review does not find Smith at fault, he could walk away with a retirement package of at least $18.48 million, along the value of the stock and options he was paid out over his 12-year tenure. Equifax at first couldn't say whose data had been breached, and it initially asked customers to give up their right to sue the company in exchange for credit monitoring services.
In a statement, Smith said he was dedicated to rectifying the issues surrounding the data breach, but he concluded that the company needed new leadership at this point. The company said 143 million consumers may have been affected by the breach of sensitive information.
It was unclear who might step in for Smith at the hearing.
Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia. "Maybe someone on the board needs to be removed", said Brent Longnecker, head of compensation and corporate-governance consulting firm Longnecker & Associates. "Speaking for everyone on the Board, I sincerely apologise".
It is rare, but not unprecedented for a CEO to depart following a massive hack.
The city attorney's office said in a notice that the lawsuit was filed against Equifax for failing to protect the personal data of more than 15 million Californians.
According to the executive's termination agreement, Smith will not receive his annual bonus for the year, and "irrevocably disclaims any right he may have to such bonus". Paulino de Rego Barros Jr., the company's Asia Pacific region president, will serve as interim CEO.
Equifax's almost six-week delay in notifying the public about the intrusion into its vast database of sensitive information - and the bungled handling of potential fixes - led to an outcry from consumers and lawmakers as well as state and federal investigations. The House Energy and Commerce committee said in a tweet that it still plans to hold its hearing October 3.
An Equifax spokeswoman said the company would continue to cooperate with lawmakers.
Smith also agreed to "provide reasonable assistance" to Equifax for at least three months without pay.
"I recommend companies direct people to a site that is trusted and part of their main domain, in order to make sure that something like this doesn't happen", Tarah Wheeler, a cybersecurity consultant at Red Queen Technologies, told NPR last week.