Skip to main content
close search
site logo
Dive Brief

Equifax, reeling from breach, remains uncertain of its data encryption

Published Nov. 13, 2017
Naomi Eide's headshot
Managing Editor
Getty, edited by CIO Dive

Dive Brief:

  • Equifax incurred $87.5 million in expenses related to the data breach disclosed in September, including costs to investigate and remediate the breach, in addition to legal expenses, according to the company's Q3 earnings report. But Equifax still saw Q3 revenue increase 4% year-over-year to $834.8 million.
  • The costs of the breach are not over yet. While Equifax said it expects to incur more cybersecurity-related costs in coming quarters, its pending legal battle could prove the most costly. Following the breach, consumers and some financial institutions have filed more than 240 class action suits against Equifax in federal, state and Canadian courts, Equifax disclosed in quarterly SEC filings. Motions to consolidate the cases are in place. 
  • The earnings announcement came shortly after Equifax's interim CEO, Paulino do Rego Barros Jr., and former CEO, Richard Smith, testified before a Senate committee about consumer protection amidst data breaches. At the hearing, Smith said Equifax did not encrypt its data when the breach occurred, TechTarget reports. But when asked if data was still unencrypted at rest, Barros said, "I don't know at this stage." 

Dive Insight:

Fall out from the Equifax breach will continue in the coming months and quarters as the company works to revamp its technology portfolio. While Barros has appointed a chief transformation officer to oversee breach resolution, some damage is irreparable, particularly when it comes to reputation. 

What is going to be key for Equifax in its recovery is the ability to answer the hard questions. As the legal impacts continue, Equifax will have to fully understand the scope of its technology portfolio and know whether encryption is in place. "I don't know," won't necessarily cut it in court. 

The Equifax breach is not a unique incident. Neither was the Yahoo breach. The only thing that sets these breaches apart is the scope of impact, and, in Equifax's case, the sensitivity of the data.  

Though the company is facing legal cases and dings to its reputation, until it faces a greater financial impact, the company may not be as incentivized to make systematic upgrades to its security posture.

Unless there are more serious consequences to data breaches, other companies may not be motivated to change.  

Recommended Reading

Filed Under: IT Strategy, Security

Editors' picks

Company Announcements

View all | Post a press release
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Cosentino Drives Business Transformation with AI Powered by Celonis Process Intelligence
From Celonis
October 23, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Tech Ambitions Collide with Reality: 2025 Technology Impact Report Exposes Critical Readiness…
From Omnia Strategy Group, LLC
October 21, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell