Equifax breach cost will go well into the hundreds of millions
While it’s too soon to tell what the ultimate Equifax breach cost will be, Wall Street has already rendered its initial verdict: $4 billion. That’s how much stock market value Equifax has lost since the credit bureau revealed last week that it was hacked, compromising the personal information of about 143 million people.
Since Friday morning, Equifax shares are down more than 20%, as investors brace for lawsuits, lost business, and increased regulations. “The breach compromises Equifax’s reputation as a trusted steward of consumer data, and will create a near-term business disruption,” said SunTrust analyst Andrew Jeffrey. And don’t forget the actual costs related to responding to the crisis and cleaning up the mess that Equifax faces. For instance, the credit bureau has already agreed to give every American access to its TrustedID Premier credit monitoring and identity theft protection free of charge for 12 months.
If you haven’t heard of Equifax’s recent data breach, you have not been paying attention. On September 7, 2017, Equifax, one of America’s three big credit reporting agencies, announced a data breach that compromised the Personally Identifiable Information (“PII”) of 143 million Americans, 200,000 credit card numbers, and the personal data of hundreds of thousands of Canadian and U.K. citizens. This article will not delve into the various instances of bungling, potential insider trading, potential fraud, and overall incompetence that has plagued Equifax during this debacle, or the specifics of the Equifax breach, as that has been well-documented elsewhere.
The main question that must be answered is: “How much Equifax will have to pay as a result of lawsuits (consumer & government), increased cybersecurity personnel, hardware, and software, and ongoing regulatory and monitoring costs?”.
The price Equifax will pay for the black hat attack it revealed last week, which compromised the names, birth dates, Social Security numbers, addresses, and in some cases driver’s license numbers of 143 million US consumers, will be high. Although the exact figure won’t be known until after the dust has settled — perhaps a year or more down the road — a look at a recent study conducted by the independent research group Ponemon Institute for IBM indicates the company’s bottom line is in for quite a hit.
For 2017’s annual Cost of Data Breach Study, Ponemon interviewed 419 companies in 13 countries (63 of them in the US) that had experienced a breach in the previous year. Among those attacks, the biggest one resulted in 99,500 records compromised — orders of magnitude smaller that the Equifax breach.
The study found that in the US the average total cost of a data breach is $7.35 million, a 5 percent increase since last year. Globally, the number was $3.62 million, representing a 10 percent decrease. The difference largely has to do with a strong US dollar, according to Ponemon. Breaches taking place within the US also cost more on a per-record-compromised basis, with US firms paying $225 (a 2 percent increase over last year), and firms outside the US paying $141 (an 11.4 percent decrease).