Equifax has spent $242.7 million related to data breach remediation since the incident was disclosed in September 2017, the company said in its Q1 2018 earnings Wednesday.
Costs relating to the cybersecurity mishap include $45.7 million for the redesign of its IT infrastructure and data security; $28.9 million for its legal fees and costs of other professional services used during the investigation of the incident; and $4.1 million for the services Equifax now offers to impacted customers for free.
Even with the additional costs related to the breach, the company still had a 4% increase in revenue compared to Q1 2017.
Equifax's data breach revelations placed a spotlight on the long-term breach recovery expenses businesses can incur.
The actual breach occurred between mid-May through July, leaving 145.5 million of Equifax's customers' PII vulnerable. Yet the company waited until September to disclose the breach, resulting in a near immediate retirement of its CIO and CSO.
Not long after their departure, Equifax's CEO Richard Smith also retired. Though Smith had his own days in court, Equifax's acting CEO Paulino do Rego Barros Jr. appeared before Congress alongside Yahoo's former CEO and Smith, and the executives were effectively told that apologies cannot take the place of penalties, according to Sen. Richard Blumenthal, D-CT.
Equifax named Mark Begor its new CEO in March, who will replace Barros, according to a company announcement. Barros is set to retire early 2019 and will aid Begor's move to the firm in the time being.
Equifax's story, coupled with that of Yahoo, Uber and perhaps even Facebook, highlights the need for overcoming data negligence and accountability across company leadership. So many companies possess an abundance of information on users, which users expect will be treated with care.
The foundation of cybersecurity is often ignored in favor of another layer of new applications and services. Often, the new layers don't resolve an underlying issue and distract from basic maintenance and timely system patching, which Equifax failed to do.