The Daily Swig Web security digest

‘We have an important journey in front of us’ – Equifax counts the cost of data breach

James Walker | 15 November 2017 at 12:00

Hack investigation, legal fees, and litigation strip $87 million from company’s bottom line.

As Equifax counts the cost of a major security breach thought to have impacted around 146 million people, the credit rating agency has scrapped executive bonuses and suspended share buybacks this year, with the company warning that the hack is likely to harm future sales.

It’s now been more than two months since Equifax provided details of a major cybersecurity incident which exposed the personal details of 145.5 million people in the US and almost 700,000 people in the UK.

After discovering unauthorized access to its systems in July, the Atlanta-based company went public with the breach on September 7, confirming that customer names, social security numbers, birth dates, addresses, and – in some instances – driver’s license numbers and credit card numbers had been compromised.

The initial cost of what has since been named one of the world’s biggest-ever corporate data breaches has now become apparent, as Equifax said earnings in the third quarter totaled $96.3 million, down 27% on the prior-year period.

In the three months to September 30, the company said costs associated with the breach investigation, legal fees, subsequent litigation, and the rollout of free credit monitoring services amounted to $87.5 million.

Speaking to analysts in the wake of the earnings announcement, chief financial officer John Gamble said the negative impact of the data breach was likely to bleed through to the current quarter, reducing revenue during the period by around 4%.

As Equifax looks to recover both its financial losses and damaged reputation, interim CEO Paulino Barros – who took the helm after former head, Richard Smith, stepped down following the breach announcement – said he was placing a hold on executive bonuses.

“Due to the impact of the cybersecurity incident, we have decided that the Equifax senior leadership team and I will receive no incentive compensation in 2017,” Barros said.

“As we report our third quarter results, we recognize that we have an important journey in front of us to regain the trust and confidence of consumers and our business customers.”

He added: “Our teams have taken immediate actions to improve our data security and provide improved support for consumers who were impacted by our cybersecurity incident.”

As Equifax takes stock of the hack, one of the company’s leading competitors, Experian, said a “spike in enrolments” in the immediate aftermath of the breach announcement helped the group achieve a 5% growth in revenues.

However, while rival credit rating firms might benefit from the Equifax breach in the short term, Experian said the hack has resulted in increased legislative and regulatory activity, which may in turn lead to “increased oversight” of security matters affecting the sector.

“The notoriety of the breach has also increased in the near term the external risks associated with information security,” Experian said in its half-year report earlier today. “We continue to see increased consumer protection-focused legislative and regulatory activity in our key markets.”