Equifax's Trifecta of Shame

Equifax Pulls a Trifecta. Equifax announced last Thursday that it had discovered on July 29 that it had been hacked. Up to 143 million personal files may have been accessed: social security numbers, birthdates, addresses, and perhaps driver licenses. About 55% of the American adult population is now at risk. It was the third known hack of the year for Equifax. A bad day for Equifax is potentially a calamity for 143 million people. The second leg of the trifecta was Equifax’s response. Three executives, including John Gamble, the chief financial officer, sold $1.8 million in Equifax shares within four days of the breach. That’s insider trading. The trio are looking at criminal and civil penalties and disgorgement. Equifax’s claim is that they were unaware of the breach. Hence, it’s just a coincidence. That might work if the sales were pursuant to a routine, planned sale, but it’s not. Equifax did not notify the public of the July breach until July 7, almost six weeks after the breech. The company has some explaining to do. The third leg of the trifecta compounds Equifax’s public relations disaster. It offered a free one year-credit monitoring, but the fine print included a waiver of any legal claims against Equifax. The company is about to run through a gauntlet of litigation. Two class action suits were filed against it Friday, with more to follow. It will also face Congressional hearings, state attorney generals, and regulatory agencies. Legal costs and settlements will claim a big percent of its annual sales of $3.1 billion. Shareholders can forget about dividends and capital appreciation for years. Equifax should have learned a lesson from Target about the dangers of a computer breach. Target was hacked December 2013 the week before Christmas. 40 million credit and debit cards were compromised. Target incurred costs of $292 million in resolving the claims. About $90 million was covered by a cypher insurance policy, leaving Target’s cost of $202 million. Equifax has a checkered history. It was earlier known as Retail Credit Company of America. Its practices and mistakes, along with its creditors, led to Congressional enactment in 1970 of the Fair Credit Reporting Act. The problem for us as consumers is that we cannot boycott Equifax. We are not its customers because we do not deal directly with it. Its customers are banks, retailers et al who seek credit reports on companies and individuals will have to shift their business to Equifax’s competitors.