Following its massive data breach in 2017, it was reported that Equifax was to spend over $200 million in clean up costs. Fast-forward two years, the credit reporting giant has spent close to $1.4 billion on cleanup costs and remodeling its information security program.
The Equifax data breach started on 13 May 2017, but the company discovered it on 29 July 2017. Remediation began immediately, however, the resulting costs have taken a significant toll on the company’s finances.
The breach exposed personal data of 148 million individuals in the United States, i.e., 56% of American adults. About 15 million U.K. citizens and 20,000 Canadians also had their data stolen.
Investigations by Authorities
The data hack resulted in a number of lawsuits and congressional probes by privacy authorities in both Canada and the U.K. The Republican majority staff of the U.S. House of Representatives Committee on Oversight and Government Reform published a report that stated the data breach “was entirely preventable.”
According to the report, “Equifax, however, failed to implement an adequate security program to protect this sensitive data. As a result, Equifax allowed one of the largest data breaches in U.S. history. Such a breach was entirely preventable.”
They reported that Equifax had numerous security defenses in place, but failed to use them to full effect.
The company responded to the report in a statement, “We identified significant inaccuracies and disagree with many of the factual findings.”
On the Canadian probe which concluded recently, Daniel Therrien, Canada’s privacy commissioner, stated that “Given the vast amounts of highly sensitive personal information Equifax holds, and its pivotal role in the financial sector as a credit reporting agency, it was completely unacceptable to find such significant shortcomings in the company’s privacy and security practices.”
UK regulators concluded their investigation last September and the Information Commissioner’s Office (ICO) announced a fine of £500,000 for failing to protect personal data of up to 15 million citizens of the U.K.
Equifax’s Financial Results for Q1 2019
Many companies have faced data hacks and have paid a heavy price for it. The Atlanta-based company reported a loss of $555.9 million for the first quarter of 2019 (ending 31 March) against $90.9 million net income in the same quarter of 2018. Equifax’s technology and data security costs resulting from the breach came up to $82.8 million in the Q1 2019 balance sheet.
These costs include incremental costs to transform the technology infrastructure and to improve application, network and data security. The company also launched Lock and Alert, a product that allows individuals to lock and unlock their credit report with Equifax.
Apart from this, Equifax also listed $12.5 million in quarterly legal and investigative fees and $1.5 million for product liability.
Looking at the gravity of the Equifax data breach 2017, the importance of security comes to the forefront. Once the damage is done, the road to recovery is a long and winding one. It’s clear that companies shouldn’t wait for lawmakers to crack the whip but rather give security very high priority especially if they deal with personal sensitive data of people. There’s a lot to learn from the Equifax data breach. The need for investment in mobile app, website, and network security is essential now more than ever!